>

Apply for $700 in starter credits on AuthZed Cloud

[Apply now]

Superuser / platform admin

Site-wide super-administrators that inherit access to every resource owned by every organization.

Superuser / platform admin

Site-wide super-administrators that inherit access to every resource owned by every organization.

An entity that can be granted permissions

definition user {}

A resource that we are trying to protect

definition document {

A specific user or a specific organization can be made owner of a document

    relation owner: user | organization

If a user has the (direct) owner relation OR if they are admin of the owner organization, they get the admin permission on the document

    permission admin = owner + owner->admin
}

Organizations can own documents

definition organization {

The organization can be linked to one platform

    relation platform: platform

If a user has the super_admin permission on the platform, they get the admin permission on the organization

    permission admin = platform->super_admin
}

A root object with administrators

definition platform {
    relation administrator: user
    permission super_admin = administrator
}

Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.