Schema Deconstruction
Entities
This schema consists of 2 entities:
- user, represents users (these may correspond to employees). This entity is empty because it's only responsible for referencing users.
- organization, represents the organization the users (employees) belong to. It has several roles and permissions related to specific resources such as organization files and vendor files.
Relations
organization entity
We can use relations to define roles. In this example, we have 4 organization-wide roles: admin, manager, member, and agent.
Actions
Actions describe what relations, or a relation's relation, can do. You can think of actions as entities' permissions. Actions define who can perform a specific action and in which circumstances. Permify Schema supports the "and", "or", "and not" and "or not" operators to define actions.
organization actions
In our schema, we define several actions for controlling access permissions on organization files and the organization vendor's files.
- action edit_files = admin or manager
  indicates that only the admin or manager has permission to edit files in the organization.
- action view_files = admin or manager or (member not agent)
  indicates that the admin, manager, or members (without having the agent role) can view organization files.
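The two actions above can be checked against concrete role sets. The following is an added example, not code from Permify or from the original page: a small expression evaluator that assumes a user's roles within one organization are a flat set of names, that "not" between two names means exclusion (as the page describes for view_files), and that "and"/"not" bind tighter than "or" outside parentheses.

```python
import re

# Action expressions copied from the page; the flat role-set model below is an assumption.
ACTIONS = {
    "edit_files": "admin or manager",
    "view_files": "admin or manager or (member not agent)",
}

def evaluate(expr, roles):
    """Return True if a user holding `roles` satisfies the action expression."""
    tokens = re.findall(r"\(|\)|\w+", expr) + ["<end>"]   # sentinel ends parsing
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def atom():
        tok = take()
        if tok == "not":                 # the "not" in "and not" / "or not"
            return not atom()
        if tok == "(":
            value = union()
            if take() != ")":
                raise ValueError("expected ')'")
            return value
        if tok in ("and", "or", ")", "<end>"):
            raise ValueError(f"unexpected token {tok!r}")
        return tok in roles              # a bare name is a role check

    def intersection():
        value = atom()
        while tokens[pos] in ("and", "not"):
            rhs = not atom() if take() == "not" else atom()
            value = value and rhs        # "a not b" means a AND NOT b
        return value

    def union():
        value = intersection()
        while tokens[pos] == "or":
            take()
            value = intersection() or value   # parse the operand first, then combine
        return value

    result = union()
    if tokens[pos] != "<end>":
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return result
```

The exclusion applies only inside the parenthesised member branch: a user who is both manager and agent still passes view_files, while a user who is both member and agent does not.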