Recursive Relationships

With Permify schema language, you can define recursive relationship-based permissions within the same entity. As an example, consider a system where there are multiple organizations within a company, some of which may have a parent-child relationship between them. As expected, organization members are also granted permission to view their organization details. You can model that as follows:

entity user {}

entity organization {
    relation parent @organization
    relation member @user @organization#member

    action view = member or parent.member
}

Let’s extend the scenario by adding a rule allowing parent organization members to view details of child organizations. Specifically, a member of Organization Alpha could view the details of Organization Beta if Organization Beta belongs to Organization Alpha. modeling-authorization

First authorization schema that we provide won’t solve this issue because parent.member accommodate single upward traversal in a hierarchy. Instead of parent.member we can call the parent view permission on the same entity - parent.view to achieve multiple levels of upward traversal, as follows:

entity user {}

entity organization {
    relation parent @organization
    relation member @user @organization#member

    action view = member or parent.view
}

This way, we achieve a recursive relationship between parent-child organizations.

Credits to Léo for the illustration and for highlighting this use case.

Inherited/Nested Permissions Configuration

⌘I

Introduction

Getting Started

Modeling Guides

Setting Up

Operations

Integrations

Use Cases

Migration

Recursive Relationships