>

Apply for $700 in starter credits on AuthZed Cloud

[Apply now]

Basic ReBAC

A starter document/reader/writer schema. The smallest example of Relationship-Based Access Control.

Basic ReBAC

A starter document/reader/writer schema. The smallest example of Relationship-Based Access Control.

An entity that can be granted permissions

definition user {}

A resource that we are trying to protect

definition document {

Users can be made writers of specific documents

    relation writer: user

Users can be made readers of specific documents

    relation reader: user

If a user has the writer relationship to a specific document, they automatically get permission to edit it

    permission edit = writer

If a user has the reader relation to a document OR the permission to edit a document (or both), they automatically get permission to view it

    permission view = reader + edit
}

Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.