You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The fact that our model is a JSON enables interesting use cases where OpenFGA adopter can create their own DSLs / UIs to create models. We should document this better.
A few use cases:
Automatically adding permissions for setting relations (e.g. 'can_set_viewer_relation')
In a multi-tenant app, enable each B2B customer to redefine permissions with different rewrites, e.g. the model would have:
define can_view : reader or reader from parent
A specific customer could want to change that definition, to:
define can_view : reader or reader from parent or support_engineer from organization
Note that they should not add new permissions, or add new assignable permissions. Just change the rewrites.
Each customer would end up with a different authorization model ID that can be used to evaluate permissions. This would also show the benefits of having multiple authorization models for a specific store.
The text was updated successfully, but these errors were encountered:
The fact that our model is a JSON enables interesting use cases where OpenFGA adopter can create their own DSLs / UIs to create models. We should document this better.
A few use cases:
Automatically adding permissions for setting relations (e.g. 'can_set_viewer_relation')
In a multi-tenant app, enable each B2B customer to redefine permissions with different rewrites, e.g. the model would have:
define can_view : reader or reader from parentA specific customer could want to change that definition, to:
define can_view : reader or reader from parent or support_engineer from organizationNote that they should not add new permissions, or add new assignable permissions. Just change the rewrites.
Each customer would end up with a different authorization model ID that can be used to evaluate permissions. This would also show the benefits of having multiple authorization models for a specific store.
The text was updated successfully, but these errors were encountered: