- Home
- Learn
- SpiceDB Schema Examples
- User-defined roles
User-defined roles
Custom roles created at runtime, similar to Jira projects, with built-in roles you can use but not modify.
AdvancedView on GitHub
User-defined roles
Custom roles created at runtime, similar to Jira projects, with built-in roles you can use but not modify.
definition user {}
definition project {
relation issue_creator: role#member
relation issue_assigner: role#member
relation any_issue_resolver: role#member
relation assigned_issue_resolver: role#member
relation comment_creator: role#member
relation comment_deleter: role#member
relation role_manager: role#member
permission create_issue = issue_creator
permission create_role = role_manager
}
definition role {
relation project: project
relation member: user
relation built_in_role: project
permission delete = project->role_manager - built_in_role->role_manager
permission add_user = project->role_manager
permission add_permission = project->role_manager - built_in_role->role_manager
permission remove_permission = project->role_manager - built_in_role->role_manager
}
definition issue {
relation project: project
relation assigned: user
permission assign = project->issue_assigner
permission resolve = (project->assigned_issue_resolver & assigned) + project->any_issue_resolver
permission create_comment = project->comment_creator
// synthetic relation
permission project_comment_deleter = project->comment_deleter
}
definition comment {
relation issue: issue
permission delete = issue->project_comment_deleter
}Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.