action
and permission
) is that while most permissions are based on actions (such as view, read, edit, etc.), there are still cases where we need to define permissions based on roles or user types, such as admin or member.
Additionally, there may be permissions that need to be inherited by child entities. Using the permission
keyword in these cases is more convenient and provides better reasoning of the schema.
Let’s examine a small snippet from our Facebook Groups real world example.
We have the ‘view’ in the comment entity which represents the comments of the post in Facebook Groups
Users can only view a comment if:
post.group_member
refers to the members of the group to which the post belongs. We defined it as action in post entity as,