Its a basic entitlement schema
definition user {}
definition organization {
relation member: user
}
definition entitlement {
relation subscriber_org: organization
relation subscriber_user: user
permission subscribed_member = subscriber_org + subscriber_org->member + subscriber_user
}
definition feature {
relation associated_entitlement: entitlement
permission access = associated_entitlement->subscribed_member
}
Am using resource lookup for feature definition on access permission and check api on the same access permission
And sample data as below
organization:organizationA#member@user:sam
entitlement:EntitlementA#subscriber_org@organization:organizationA
feature:FeatureA#associated_entitlement@entitlement:EntitlementA