- Home
- Learn
- SpiceDB Schema Examples
- Superuser / platform admin
Superuser / platform admin
Site-wide super-administrators that inherit access to every resource owned by every organization.
Superuser / platform admin
Site-wide super-administrators that inherit access to every resource owned by every organization.
An entity that can be granted permissions
definition user {}A resource that we are trying to protect
definition document {A specific user or a specific organization can be made owner of a document
relation owner: user | organizationIf a user has the (direct) owner relation OR if they are admin of the owner organization, they get the admin permission on the document
permission admin = owner + owner->admin
}Organizations can own documents
definition organization {The organization can be linked to one platform
relation platform: platformIf a user has the super_admin permission on the platform, they get the admin permission on the organization
permission admin = platform->super_admin
}A root object with administrators
definition platform {
relation administrator: user
permission super_admin = administrator
}definition user {}
definition document {
relation owner: user | organization
permission admin = owner + owner->admin
}
definition organization {
relation platform: platform
permission admin = platform->super_admin
}
definition platform {
relation administrator: user
permission super_admin = administrator
}Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.