Here is an example schema which provides a flexible way to define role-based access control within an organization, separating permissions for regular organizational files and vendor-specific files.
Copy
entity user {}entity organization { // roles relation admin @user relation member @user relation manager @user relation agent @user // organization files access permissions permission view_files = admin or manager or (member not agent) permission delete_file = admin // vendor files access permissions permission view_vendor_files = admin or manager or agent permission delete_vendor_file = agent}