With Permify schema language, you can define recursive relationship-based permissions within the same entity.

As an example, consider a system where there are multiple organizations within a company, some of which may have a parent-child relationship between them.

As expected, organization members are also granted permission to view their organization details. You can model that as follows:

entity user {}

entity organization {
    relation parent @organization
    relation member @user @organization#member

    action view = member or parent.member
}

Let’s extend the scenario by adding a rule allowing parent organization members to view details of child organizations. Specifically, a member of Organization Alpha could view the details of Organization Beta if Organization Beta belongs to Organization Alpha.

First authorization schema that we provide won’t solve this issue because parent.member accommodate single upward traversal in a hierarchy.

Instead of parent.member we can call the parent view permission on the same entity - parent.view to achieve multiple levels of upward traversal, as follows:

entity user {}

entity organization {
    relation parent @organization
    relation member @user @organization#member

    action view = member or parent.view
}

This way, we achieve a recursive relationship between parent-child organizations.

Credits to Léo for the illustration and for highlighting this use case.

With Permify schema language, you can define recursive relationship-based permissions within the same entity.

As an example, consider a system where there are multiple organizations within a company, some of which may have a parent-child relationship between them.

As expected, organization members are also granted permission to view their organization details. You can model that as follows:

entity user {}

entity organization {
    relation parent @organization
    relation member @user @organization#member

    action view = member or parent.member
}

Let’s extend the scenario by adding a rule allowing parent organization members to view details of child organizations. Specifically, a member of Organization Alpha could view the details of Organization Beta if Organization Beta belongs to Organization Alpha.

First authorization schema that we provide won’t solve this issue because parent.member accommodate single upward traversal in a hierarchy.

Instead of parent.member we can call the parent view permission on the same entity - parent.view to achieve multiple levels of upward traversal, as follows:

entity user {}

entity organization {
    relation parent @organization
    relation member @user @organization#member

    action view = member or parent.view
}

This way, we achieve a recursive relationship between parent-child organizations.

Credits to Léo for the illustration and for highlighting this use case.