>

Apply for $700 in starter credits on AuthZed Cloud

[Apply now]

User-defined roles

Custom roles created at runtime, similar to Jira projects, with built-in roles you can use but not modify.

AdvancedView on GitHub

User-defined roles

Custom roles created at runtime, similar to Jira projects, with built-in roles you can use but not modify.

definition user {}

definition project {
	relation issue_creator: role#member
	relation issue_assigner: role#member
	relation any_issue_resolver: role#member
	relation assigned_issue_resolver: role#member
	relation comment_creator: role#member
	relation comment_deleter: role#member
	relation role_manager: role#member

	permission create_issue = issue_creator
	permission create_role = role_manager
}

definition role {
	relation project: project
	relation member: user
	relation built_in_role: project

	permission delete = project->role_manager - built_in_role->role_manager
	permission add_user = project->role_manager
	permission add_permission = project->role_manager - built_in_role->role_manager
	permission remove_permission = project->role_manager - built_in_role->role_manager
}

definition issue {
	relation project: project
	relation assigned: user

	permission assign = project->issue_assigner
	permission resolve = (project->assigned_issue_resolver & assigned) + project->any_issue_resolver
	permission create_comment = project->comment_creator

	// synthetic relation
	permission project_comment_deleter = project->comment_deleter
}

definition comment {
	relation issue: issue
	permission delete = issue->project_comment_deleter
}

Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.