#Newbie alert: I am trying permify first

fair forge

Hi @lone river,

Here’s the schema:

schema: |-
  entity employee {}

  entity organization {
      relation view_access @employee
      relation admin_access @employee

      relation owner @enterprise

      relation enterprise_admins @enterprise#admin
  }

  entity enterprise {
      relation admin @employee
  }

  entity customer {
      relation owner @organization

      permission can_view = owner.view_access or owner.admin_access or owner.enterprise_admins
      permission can_edit = owner.admin_access or owner.enterprise_admins
  }
relationships:
  - enterprise:ent1#admin@employee:eEntAdmin
  
  # Additional relationships
  - organization:org1#enterprise_admins@enterprise:ent1#admin

  - organization:org1#owner@enterprise:ent1
  - organization:org1#view_access@employee:e1
  - organization:org1#admin_access@employee:e2
  - customer:c1#owner@organization:org1
attributes: []
scenarios:
  - name: admin_access_test
    checks:
      - entity: customer:c1
        subject: employee:eEntAdmin
        context: null
        assertions:
          can_view: true
          can_edit: true
      - entity: customer:c1
        subject: employee:e1
        context: null
        assertions:
          can_view: true
          can_edit: false
      - entity: customer:c1
        subject: employee:e2
        context: null
        assertions:
          can_view: true
          can_edit: true
      - entity: customer:c1
        subject: employee:e4
        context: null
        assertions:
          can_view: false
          can_edit: false
    entity_filters: []
    subject_filters: []

I added the relationship "organization:org1#enterprise_admins@enterprise:ent1#admin", and it worked. The reason for this is that relation references don't influence the decision-making process. They are just constraints on what relationships can be created. You can read more about this in detail at https://docs.permify.co/getting-started/modeling#multiple-relation-types

lone river

Ohh, that's good to know.
I figured out that if I change the enterprise_admins relation to a permission, that works too. So changing the entity like this:

  entity organization {
      relation view_access @employee
      relation admin_access @employee

      relation owner @enterprise

      permission enterprise_admins = owner.admin
  }

Do you see any issue with this?