how to define that subset of attributes | Permify | Page 1

somber kayak Nov 6, 2023, 6:15 PM

#

Hi @blazing kite , could you provide more details about your use case?

blazing kite Nov 6, 2023, 6:17 PM

#

for the below schema if I want that tenant_admin cannot edit few attributes of the tenant object how should I proceed. total newbie here

`entity user {

}

entity tenant {
relation super_admin @user
relation tenant_admin @user
relation tenant_user @user
relation project_admin @user
relation project_user @user

action create = super_admin
permission update = super_admin or tenant_admin
permission delete = super_admin or tenant_admin
permission read = super_admin or tenant_admin or tenant_user or project_admin or project_user
}
`

#

will it be a responsibility of the consumer side then permify ?

somber kayak Nov 6, 2023, 6:36 PM

#

You can ensure that even if someone is a super_admin, they will not pass if they are a tenant_admin by using the 'not' keyword in 'action create = super_admin not tenant_admin'

#

But I'm not certain this is what you're referring to

blazing kite Nov 6, 2023, 6:39 PM

#

What I wanted to ask is like if tenant object is represented as
{ id:1, is_paid: false }

and I want the tenant 1 's tenant_admin to restrict modifying the is_paid attribute how should I proceed ?

Sorry for the confusion

#

Only super_admin should be allowed to modify the is_paid prop

#

I hope it's clear now

#how to define that subset of attributes