For a large number of users, managing access for entire groups can be more efficient than assigning roles to individual users. User groups essentially define that, if you're part of a group, you can access certain resources or perform specific actions. Let's demonstrate how this can be modeled using a simple project management system scenario.
```
entity user {}

entity organization {
    // organizational roles
    relation admin @user
    relation member @user
}

entity team {
    // represents owner or creator of the team
    relation owner @user

    // represents direct member of the team
    relation member @user

    // reference to the organization that the team belongs to
    relation org @organization

    // organization admins or owners can edit, delete the team details
    permission edit = org.admin or owner
    permission delete = org.admin or owner

    // to invite someone you need to be admin and either owner or member of this team
    permission invite = org.admin and (owner or member)

    // only owners can remove users
    permission remove_user = owner
}

entity project {
    // references to the team and organization that the project belongs to
    relation team @team
    relation org @organization

    permission view = org.admin or team.member
    permission edit = org.admin or team.member
    permission delete = team.member
}
```
```
entity project {
    relation team @team
    relation org @organization

    permission view = org.admin or team.member
    permission edit = org.admin or team.member
    permission delete = team.member
}
```
The project entity has two relations: team and org, representing the team and organization it belongs to. It defines three permissions:
view: Organization admins or team members can view the project.
edit: Organization admins or team members can edit the project.
delete: Only team members can delete the project.
This model establishes a hierarchy where organizations contain teams, which in turn contain projects. It also defines various permissions based on user roles within organizations and teams.
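To see how the `and`/`or` rules in this schema resolve for concrete users, the following added example (not the authorization engine's own code, and not from the original page) evaluates the team and project permissions over a handful of relationship tuples. The tuple layout, helper names, and all sample data (`acme`, `platform`, `roadmap`, `alice`, `bob`, `carol`, `dave`) are constructed for illustration.

```python
# Added illustration: a minimal in-memory evaluator for the schema above.
# Tuple layout (entity type, entity id, relation, subject) is an assumption.
TUPLES = {
    ("organization", "acme", "admin", "user:alice"),
    ("organization", "acme", "admin", "user:dave"),
    ("team", "platform", "org", "organization:acme"),
    ("team", "platform", "owner", "user:bob"),
    ("team", "platform", "member", "user:carol"),
    ("team", "platform", "member", "user:dave"),
    ("project", "roadmap", "org", "organization:acme"),
    ("project", "roadmap", "team", "team:platform"),
}

def subjects(etype, eid, relation):
    """Subjects directly related to etype:eid through `relation`."""
    return {s for (t, i, r, s) in TUPLES if (t, i, r) == (etype, eid, relation)}

def has(etype, eid, relation, user):
    """Direct relation on the entity itself, e.g. `owner` or `member`."""
    return f"user:{user}" in subjects(etype, eid, relation)

def via(etype, eid, ref, relation, user):
    """Follow a reference first, e.g. `org.admin` or `team.member`."""
    return any(has(*s.split(":"), relation, user) for s in subjects(etype, eid, ref))

def team_admin_or_owner(t, u):
    return via("team", t, "org", "admin", u) or has("team", t, "owner", u)

def project_admin_or_member(p, u):
    return via("project", p, "org", "admin", u) or via("project", p, "team", "member", u)

# One entry per `permission` line in the schema.
PERMISSIONS = {
    ("team", "edit"): team_admin_or_owner,
    ("team", "delete"): team_admin_or_owner,
    ("team", "invite"): lambda t, u: via("team", t, "org", "admin", u)
        and (has("team", t, "owner", u) or has("team", t, "member", u)),
    ("team", "remove_user"): lambda t, u: has("team", t, "owner", u),
    ("project", "view"): project_admin_or_member,
    ("project", "edit"): project_admin_or_member,
    ("project", "delete"): lambda p, u: via("project", p, "team", "member", u),
}

def check(etype, eid, permission, user):
    """Return True if `user` holds `permission` on etype:eid."""
    return PERMISSIONS[(etype, permission)](eid, user)
```

With this sample data, an organization admin who is not on the team can view the project but cannot delete it or invite to the team, and the team owner gets no project permission at all, because `owner` and `member` are separate relations in this schema.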