This example represents a healthcare company permission system where users, such as doctors, patients, and administrators, have fine-grained access to medical records, appointments, and patient management.

Schema

entity user {}

entity doctor {
    // Doctors can have multiple patients.
    relation patient @patient
    relation group @group
}

entity partner {
    relation admin @user
    relation member @user

    permission edit = admin
    permission view = edit or member
}

entity group {
    relation partner @partner
    relation doctor @doctor

    permission edit = partner.edit or doctor
    permission view = edit or partner.view
}

entity state {
    attribute age_limit integer

    rule check_age(age integer) {
        this.age_limit > age
    }
}

entity patient {
    // Patients can have multiple doctors and be linked to groups and states.
    relation primary_doctor @doctor
    relation consultant @doctor
    relation group @group
    relation state @state
    relation owner @user
    relation guardian @user

    attribute age integer

    // Permissions for accessing patient data.
    permission parent_access = state.check_age(age)
    permission edit = owner or group.edit or primary_doctor or consultant
    permission view = edit or group.view or guardian
}

entity medical_record {
    // Each medical record pertains to a patient and a doctor.
    relation patient @patient
    relation doctor @doctor

    // Permissions for medical record access.
    action view = doctor.patient or patient or patient.guardian
    action create = doctor.patient
    action update = doctor.patient
    action delete = doctor.patient
}

entity hospital {
    // Hospitals can have doctors, patients, and groups.
    relation doctor @doctor
    relation patient @patient
    relation group @group

    // Actions for managing hospital processes.
    action admit_patient = doctor
    action discharge_patient = doctor
    action view_patient_records = doctor or patient.guardian or group.view
}

entity appointment {
    // Appointments link a patient with a doctor.
    relation doctor @doctor
    relation patient @patient

    // Patients or doctors can manage appointments.
    action create = patient or doctor
    action update = patient or doctor.patient
    action delete = doctor.patient
}

entity claims {
    // Claims link a patient with a group and can involve multiple entities.
    relation group @group
    relation patient @patient

    action edit = patient.edit or group.edit
    action view = edit or patient.view or group.view
    action parent_access = patient.parent_access
}

Here’s a breakdown of the combined schema, explaining each part and how it functions according to the Permify Schema Language:

1. entity user {}

  • Entity: Represents a user in the system.
  • Explanation: This entity is a placeholder for individual users. In other relationships, users are assigned roles or permissions based on their connections to other entities.

2. entity doctor { ... }

  • Relations:
    • relation patient @patient: Doctors can be associated with multiple patients.
    • relation group @group: Doctors can also be linked to groups (e.g., medical teams or departments).
  • Explanation: The doctor entity models a healthcare professional who can have multiple patients assigned to them and can belong to groups. Relationships help manage permissions for accessing patient-related data or participating in group-based activities.

3. entity partner { ... }

  • Relations:
    • relation admin @user: The admin of the partner is a user.
    • relation member @user: Members of the partner are also users.
  • Permissions:
    • permission edit = admin: Users who are admins can edit.
    • permission view = edit or member: Members can view, and admins have inherited view access from the edit permission.
  • Explanation: This entity represents a partner organization, with roles for admin and member users. It defines permissions for actions like editing or viewing the partner data based on user roles.

4. entity group { ... }

  • Relations:
    • relation partner @partner: A group is associated with a partner.
    • relation doctor @doctor: Groups can include doctors.
  • Permissions:
    • permission edit = partner.edit or doctor: If a partner has edit access, or if a doctor is linked, then the group can be edited.
    • permission view = edit or partner.view: The view permission is granted if a user has edit access or if the partner can view.
  • Explanation: Groups are collections that can include doctors and be tied to partners. This entity manages permissions for actions within the group, such as editing or viewing.

5. entity state { ... }

  • Attributes:
    • attribute age_limit integer: The state entity has an age_limit attribute of type integer.
  • Rules:
    • rule check_age(age integer) { this.age_limit > age }: This rule checks if the state’s age limit is greater than a specified age.
  • Explanation: This entity allows defining conditions or rules based on age, which can be used in permissions for entities like patients.

6. entity patient { ... }

  • Relations:
    • relation primary_doctor @doctor: A patient has a primary doctor.
    • relation consultant @doctor: A patient can have consultant doctors.
    • relation group @group: Patients can be linked to groups (e.g., departments).
    • relation state @state: Patients have a state, potentially linked to age-based permissions.
    • relation owner @user: An owner (usually a guardian or caregiver) is associated with the patient.
    • relation guardian @user: A guardian can also be linked to a patient.
  • Attributes:
    • attribute age integer: Represents the patient’s age.
  • Permissions:
    • permission parent_access = state.check_age(age): The permission for parent access is granted if the state’s check_age rule is met.
    • permission edit = owner or group.edit or primary_doctor or consultant: Editing permissions are granted to the owner, group members with edit rights, or the doctors.
    • permission view = edit or group.view or guardian: View permissions extend to anyone who can edit, group members who can view, or the guardian.
  • Explanation: This entity models patients and defines relationships with doctors, groups, and guardians. Permissions are fine-grained, involving rules based on age and relationships with other entities.

7. entity medical_record { ... }

  • Relations:
    • relation patient @patient: Links the medical record to a patient.
    • relation doctor @doctor: Associates the medical record with a doctor.
  • Actions:
    • action view = doctor.patient or patient or patient.guardian: The record can be viewed by doctors associated with the patient, the patient themselves, or their guardian.
    • action create = doctor.patient: Only doctors who are associated with the patient can create the record.
    • action update = doctor.patient: Updating the record is limited to the patient’s doctor.
    • action delete = doctor.patient: Deleting the record is also restricted to the doctor.
  • Explanation: This entity models medical records and enforces strict access control based on the doctor-patient relationship, with different permissions for viewing, creating, updating, and deleting records.

8. entity hospital { ... }

  • Relations:
    • relation doctor @doctor: Doctors associated with the hospital.
    • relation patient @patient: Patients associated with the hospital.
    • relation group @group: Groups linked to the hospital (e.g., medical departments).
  • Actions:
    • action admit_patient = doctor: Doctors can admit patients.
    • action discharge_patient = doctor: Doctors can discharge patients.
    • action view_patient_records = doctor or patient.guardian or group.view: Allows doctors, patient guardians, or group members with view access to see patient records.
  • Explanation: This entity represents hospitals, with relationships to doctors, patients, and groups. The actions define what activities doctors can perform, such as admitting or discharging patients.

9. entity appointment { ... }

  • Relations:
    • relation doctor @doctor: Associates the appointment with a doctor.
    • relation patient @patient: Associates the appointment with a patient.
  • Actions:
    • action create = patient or doctor: Both patients and doctors can create appointments.
    • action update = patient or doctor.patient: Either the patient or their associated doctor can update the appointment.
    • action delete = doctor.patient: Only doctors associated with the patient can delete the appointment.
  • Explanation: The appointment entity handles scheduling activities, linking patients with doctors and defining who can create, update, or delete appointments.

10. entity claims { ... }

  • Relations:
    • relation group @group: Claims can be linked to a group.
    • relation patient @patient: Claims can be associated with a patient.
  • Actions:
    • action edit = patient.edit or group.edit: Claims can be edited by those with patient edit permissions or group edit permissions.
    • action view = edit or patient.view or group.view: View permissions are granted to those who can edit or have patient or group view permissions.
    • action parent_access = patient.parent_access: Parent access to claims follows the parent access permissions for the patient.
  • Explanation: This entity models claims related to patients and groups, defining how these claims can be accessed or modified.