#Hi everyone. I am researching


shrewd edge

Hi @tall night, to grant a user access to all resources (such as documents) using ReBAC in Permify, you can define a relationship that encompasses all the documents and then assign that relationship to the user.

Here’s an example schema that demonstrates how to define such relationships:

entity user {}

entity document {
  relation viewer @user
  action view = viewer
}

Now, if you want UserA to have view access to all documents (DocA, DocB, DocC, ...), you would create relational tuples for each document like this:

document:DocA#viewer@user:UserA
document:DocB#viewer@user:UserA
document:DocC#viewer@user:UserA
...

By defining these tuples, UserA is assigned the viewer relationship for each document, which grants them the view permission for all specified documents.

To simplify, if you have a large number of documents, you could consider grouping documents under a parent entity (like an organization) and grant access at the group level.

entity user {}

entity organization {
  relation admin @user
}

entity document {
  relation parent @organization
  relation viewer @user
  action view = viewer or parent.admin
}

Then, you only need to assign UserA as an admin of the organization:

organization:Org1#admin@user:UserA
document:DocA#parent@organization:Org1
document:DocB#parent@organization:Org1
document:DocC#parent@organization:Org1
...

This way, UserA can view all documents under the organization.


Does this solve your requirement?
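The second schema and its tuples, evaluated by hand, as an added example that is not part of the original post and is not Permify's engine. It hard-codes the rule `view = viewer or parent.admin`, and the names `Org2`, `DocZ` and `UserB` are constructed here to show that an organization-level grant stops at the organization boundary.

```python
# Added illustration: a hand-rolled check for the second schema in the post.
# This is NOT Permify's engine; the `view` rule is hard-coded from that schema.
import re

TUPLE_RE = re.compile(r"^(\w+):(\w+)#(\w+)@(\w+):(\w+)$")

# Tuples from the post, plus constructed ones (Org2, DocZ, UserB) to show scoping.
TUPLES = """
organization:Org1#admin@user:UserA
document:DocA#parent@organization:Org1
document:DocB#parent@organization:Org1
document:DocC#parent@organization:Org1
document:DocZ#parent@organization:Org2
document:DocZ#viewer@user:UserB
"""

def load(text):
    """Index tuples as (entity_type, entity_id, relation) -> set of subjects."""
    store = {}
    for line in text.split():
        m = TUPLE_RE.match(line)
        if not m:
            raise ValueError(f"malformed tuple: {line!r}")
        etype, eid, rel, stype, sid = m.groups()
        store.setdefault((etype, eid, rel), set()).add((stype, sid))
    return store

def subjects(store, etype, eid, rel):
    return store.get((etype, eid, rel), set())

def can_view(store, user, doc):
    """Evaluate `action view = viewer or parent.admin` for one document."""
    subject = ("user", user)
    if subject in subjects(store, "document", doc, "viewer"):  # direct viewer
        return True
    for stype, org in subjects(store, "document", doc, "parent"):  # parent.admin
        if stype == "organization" and subject in subjects(store, "organization", org, "admin"):
            return True
    return False  # default deny: unknown documents and unrelated users

def viewable(store, user):
    """Every document the user can view, to audit how far one grant reaches."""
    docs = {eid for (etype, eid, _rel) in store if etype == "document"}
    return sorted(d for d in docs if can_view(store, user, d))

STORE = load(TUPLES)

if __name__ == "__main__":
    for u in ("UserA", "UserB"):
        print(u, viewable(STORE, u))
```

Listing `viewable` for a user before and after adding an `admin` tuple shows exactly which documents a single organization-level grant exposes.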