I'm trying to tie together the following model:
```
model
  schema 1.1

type user

type group
  relations
    define member: [user]

type role
  relations
    define assignee: [user, group#member]

type holding_company
  relations
    define basic_read: [user, group#member, role#assignee] or full_read
    define full_read: [user, group#member, role#assignee]
    define subsidiary_list: [user, group#member, role#assignee]
    define subsidiary_create: [user, group#member, role#assignee]
    define subsidiary_delete: [user, group#member, role#assignee]

type subsidiary
  relations
    define parent: [holding_company]
    define order_list: [user, group#member, role#assignee]
    define order_create: [user, group#member, role#assignee]
    define staff_list: [user, group#member, role#assignee]
    define staff_create: [user, group#member, role#assignee]

type order
  relations
    define parent: [subsidiary]
    define read_basic: [user, group#member, role#assignee] or read_full
    define read_full: [user, group#member, role#assignee]
    #define read_financials: [user, group#member, role#assignee]
    #define read_pii: [user, group#member, role#assignee]
    define edit: [user, group#member, role#assignee]
    define submit: [user, group#member, role#assignee]
    define revert: [user, group#member, role#assignee]
    define cancel: [user, group#member, role#assignee]

type staff
  relations
    define parent: [subsidiary, holding_company]
    define read_basic: [user, group#member, role#assignee] or read_full
    define read_full: [user, group#member, role#assignee]
    define edit: [user, group#member, role#assignee]
    define terminate: [user, group#member, role#assignee]
```
For example, I'm trying to:
- create a role `BigBoss` applicable only to `holding-company:CocaCola`, and this role can do everything…
- at the same time, create the role `LocalHRDeputy` that can only `staff_list`, `staff_read_full` and `staff=>edit` over the `subsidiary:doritos` of the `holding-company:pepsiCo`
- create the role `OrderReviewer` that can `order=>read_full` of any subsidiary of the `holding_company:Mercedes`

Can someone clarify how this would work?
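
An added example (not part of the original post, and not OpenFGA's own code): a minimal Python evaluator for the direct and userset grants in the posted model, showing how a tuple written on one object scopes a role to that object. The user, group, staff and order ids are constructed, and the checker assumes tuples already satisfy the model's type restrictions.

```python
# Constructed tuples (user, relation, object). Role names come from the post;
# user, group, staff and order ids are made up for illustration.
TUPLES = {
    ("user:anne", "assignee", "role:LocalHRDeputy"),
    ("user:bob", "member", "group:auditors"),
    ("group:auditors#member", "assignee", "role:OrderReviewer"),
    # Grants are written on one object each, which is what scopes the role.
    ("role:LocalHRDeputy#assignee", "staff_list", "subsidiary:doritos"),
    ("role:LocalHRDeputy#assignee", "read_full", "staff:s1"),
    ("role:LocalHRDeputy#assignee", "edit", "staff:s1"),
    ("role:OrderReviewer#assignee", "read_full", "order:o1"),
    # parent links exist in the model, but no relation there reads through them.
    ("subsidiary:doritos", "parent", "staff:s1"),
    ("subsidiary:doritos", "parent", "staff:s2"),
}

# The only rewrites in the posted model: "<relation>: [...] or <other relation>".
UNION = {
    ("holding_company", "basic_read"): "full_read",
    ("order", "read_basic"): "read_full",
    ("staff", "read_basic"): "read_full",
}

def check(user, relation, obj, seen=frozenset()):
    """True if `user` has `relation` on `obj` (type restrictions not enforced)."""
    if (relation, obj) in seen:  # guard against cyclic usersets
        return False
    seen = seen | {(relation, obj)}
    for subject, rel, target in TUPLES:
        if (rel, target) != (relation, obj):
            continue
        if subject == user:
            return True
        if "#" in subject:  # userset such as role:X#assignee or group:Y#member
            set_obj, set_rel = subject.split("#", 1)
            if check(user, set_rel, set_obj, seen):
                return True
    alt = UNION.get((obj.split(":", 1)[0], relation))
    return alt is not None and check(user, alt, obj, seen)
```

With these tuples, `check("user:anne", "edit", "staff:s2")` is false even though `staff:s2` has the same parent as `staff:s1`: under the model as posted, each grant applies only to the object it is written on.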