Its a basic entitlement schema definition user {} definition organization { relation member: user } definition entitlement { relation subscriber_org: organization relation subscriber_user: user permission subscribed_member = subscriber_org + subscriber_org->member + subscriber_user } definition feature { relation associated_entitlement: entitlement permission access = associated_entitlement->subscribed_member } Am using resource lookup for feature definition on access permission and check api on the same access permission And sample data as below organization:organizationA#member@user:sam entitlement:EntitlementA#subscriber_org@organization:organizationA feature:FeatureA#associated_entitlement@entitlement:EntitlementA