New Permify Schema improvement 🚨
We added exclusion support to our DSL, Permify Schema, so you can now exclude a relation in the access definition of a specific action ⚙️
In addition to the `and` and `or` operators, Permify now supports the `and not` and `or not` operators to exclude relations that don't have access to perform the defined action.

As an example use case, let's say we organize permissions based on groupings of users or resources in Permify Schema:
```
entity group {
    relation admin @user
    relation member @user
    action view = admin or member
}
```
The group has `admin` and `member` relationships with users. We also have a `view` action that indicates only admins or members can view/read the group's resources.

What if we wanted to give administrators the ability to ban users so that they can no longer see resources?
In that case, we need to add one more relation to represent users banned from that group; let's call it `banned`. Moreover, we need to include this statement (banned members cannot see resources) in our action definition by using the `and not` operator in Permify Schema:

```
entity group {
    relation admin @user
    relation member @user
    relation banned @user
    action view = admin or (member and not banned)
}
```
This simple demonstration shows how to use exclusion operators in Permify Schema.
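To see what the exclusion changes in practice, the following added example (not Permify's own code or engine) evaluates both `view` definitions from this page against constructed relation tuples. The `check` function, the tuple format, the sample users and the precedence `not` > `and` > `or` are assumptions of this sketch; the page's expression is fully parenthesized, so its result does not depend on that precedence.

```python
import re

# Constructed relation tuples (entity, relation, subject); illustration only.
TUPLES = {
    ("group:1", "admin", "user:alice"), ("group:1", "member", "user:bob"),
    ("group:1", "member", "user:carol"), ("group:1", "banned", "user:carol"),
    ("group:1", "admin", "user:dave"), ("group:1", "banned", "user:dave"),
}
RELATIONS = {"admin", "member", "banned"}        # relations declared on `group`
VIEW_BEFORE = "admin or member"                  # first schema on the page
VIEW_AFTER = "admin or (member and not banned)"  # schema with exclusion


def check(expr, entity, subject, tuples=TUPLES):
    """Evaluate an action expression against direct relation tuples."""
    tokens = re.findall(r"[()]|\w+", expr)

    def atom():
        tok = tokens.pop(0)  # IndexError on truncated input
        if tok == "(":
            val = disjunction()
            if tokens.pop(0) != ")":
                raise ValueError("expected ')'")
            return val
        if tok == "not":
            return not atom()
        if tok not in RELATIONS:  # a typo under `not` would otherwise grant access
            raise ValueError(f"unknown relation {tok!r}")
        return (entity, tok, subject) in tuples

    # Assumed precedence for this sketch: not > and > or.
    def chain(operand, keyword, combine):
        val = operand()
        while tokens and tokens[0] == keyword:
            tokens.pop(0)
            rhs = operand()  # always parse the right side before combining
            val = combine(val, rhs)
        return val

    def conjunction():
        return chain(atom, "and", lambda a, b: a and b)

    def disjunction():
        return chain(conjunction, "or", lambda a, b: a or b)

    result = disjunction()
    if tokens:
        raise ValueError("trailing tokens")
    return result
```

In the sample data, `user:dave` is both admin and banned and still passes `view` under the second schema, because the exclusion applies only to the `member` branch. An unknown relation name raises instead of evaluating to false, since a misspelled relation under `not` would otherwise grant access.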
If you're not familiar with Permify, check out the GitHub repo to learn how you can easily structure your authorization with it.