view_employee permission in the organization entity, we need to consider not only whether the employee is a manager but also check the IP address.
At this point, Permify's traditional relation tuples are insufficient, since the network address is a dynamic variable that cannot be added as a static relation.
So, to incorporate the IP address into our authorization model, we will use Contextual Tuples and send dynamic relation values with the access check request.
Let's extend our authorization model by adding contextual entities and relations to create the view_employee action.
ip_address_range and related them with user. Afterwards, call those dynamic entities inside our organization entity and form the view_employee permission as follows:
ip_address_range we need to send the IP value at runtime, specifically when performing the access control check.
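A small model of the check described above, added here as an illustration; it is not Permify's own code or API. It assumes the rule is "hr_manager AND member of the organization's IP range"; the entity id `ip_address_range:office`, the 192.0.2.0/24 network, the sample tuples and all function names are constructed for the example.

```python
import ipaddress

# Stored (static) relation tuples as (entity, relation, subject). Constructed sample.
STORED = {("organization:1", "hr_manager", "user:1")}

# Assumed allow-listed network (documentation range) and hypothetical entity id.
ALLOWED_NET = ipaddress.ip_network("192.0.2.0/24")
RANGE_ENTITY = "ip_address_range:office"


def contextual_tuples(org, user, client_ip):
    """Build request-scoped tuples only if the caller's IP is in the allowed range.

    client_ip should be the address the server observed for the connection,
    not a value taken from user-controlled request data.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return set()  # malformed address: contribute nothing, so the check denies
    if addr not in ALLOWED_NET:
        return set()
    return {
        (org, "ip_address_range", RANGE_ENTITY),
        (RANGE_ENTITY, "user", user),
    }


def subjects(tuples, entity, relation):
    """All subjects that hold `relation` on `entity`."""
    return {s for (e, r, s) in tuples if e == entity and r == relation}


def can_view_employee(org, user, client_ip):
    """Assumed rule: user is hr_manager of org AND belongs to one of org's IP ranges."""
    # Contextual tuples are merged for this single check and never persisted.
    tuples = STORED | contextual_tuples(org, user, client_ip)
    is_manager = user in subjects(tuples, org, "hr_manager")
    in_range = any(
        user in subjects(tuples, rng, "user")
        for rng in subjects(tuples, org, "ip_address_range")
    )
    return is_manager and in_range
```
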
So let's say user Ashley is trying to view employee X. And let's assume that,
organization:1#hr_manager@user:1