- Home
- Learn
- SpiceDB Schema Examples
- Basic ReBAC
Basic ReBAC
A starter document/reader/writer schema. The smallest example of Relationship-Based Access Control.
Basic ReBAC
A starter document/reader/writer schema. The smallest example of Relationship-Based Access Control.
An entity that can be granted permissions
definition user {}A resource that we are trying to protect
definition document {Users can be made writers of specific documents
relation writer: userUsers can be made readers of specific documents
relation reader: userIf a user has the writer relationship to a specific document, they automatically get permission to edit it
permission edit = writerIf a user has the reader relation to a document OR the permission to edit a document (or both), they automatically get permission to view it
permission view = reader + edit
}definition user {}
definition document {
relation writer: user
relation reader: user
permission edit = writer
permission view = reader + edit
}Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.