- Home
- Learn
- SpiceDB Schema Examples
- AI agents acting on behalf of users
AI agents acting on behalf of users
An AI agent inherits access from the user it acts on behalf of, instead of holding standing permissions of its own.
AI agents acting on behalf of users
An AI agent inherits access from the user it acts on behalf of, instead of holding standing permissions of its own.
An entity that can be granted permissions
definition user {Users can have one or more AI agents that act on their behalf
relation agent: ai_agentThe set of AI agents that may act on this user's behalf
permission delegates = agent
}An AI agent that can act on behalf of a user
definition ai_agent {}A resource that we are trying to protect
definition document {Users can be made writers of specific documents
relation writer: userUsers can be made readers of specific documents
relation reader: userIf a user has the writer relationship to a specific document, they automatically get permission to edit it
permission edit = writerA user can view a document if they are a reader (or can edit it).
An AI agent can view a document if it acts on behalf of a reader or a writer of that document.
permission view = reader + edit + reader->delegates + writer->delegates
}definition user {
relation agent: ai_agent
permission delegates = agent
}
definition ai_agent {}
definition document {
relation writer: user
relation reader: user
permission edit = writer
permission view = reader + edit + reader->delegates + writer->delegates
}Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.