>

Apply for $700 in starter credits on AuthZed Cloud

[Apply now]

AI agents acting on behalf of users

An AI agent inherits access from the user it acts on behalf of, instead of holding standing permissions of its own.

AI agents acting on behalf of users

An AI agent inherits access from the user it acts on behalf of, instead of holding standing permissions of its own.

An entity that can be granted permissions

definition user {

Users can have one or more AI agents that act on their behalf

    relation agent: ai_agent

The set of AI agents that may act on this user's behalf

    permission delegates = agent
}

An AI agent that can act on behalf of a user

definition ai_agent {}

A resource that we are trying to protect

definition document {

Users can be made writers of specific documents

    relation writer: user

Users can be made readers of specific documents

    relation reader: user

If a user has the writer relationship to a specific document, they automatically get permission to edit it

    permission edit = writer

A user can view a document if they are a reader (or can edit it).
An AI agent can view a document if it acts on behalf of a reader or a writer of that document.

    permission view = reader + edit + reader->delegates + writer->delegates
}

Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.