Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possibility to use numbers in relations and permissions #617

Open
riba1979 opened this issue Aug 10, 2023 · 3 comments
Open

Possibility to use numbers in relations and permissions #617

riba1979 opened this issue Aug 10, 2023 · 3 comments
Assignees
@EgeAytin @tolgaOzen
Labels
area/schema Issues related with modeling and schema.

Comments

@riba1979
Copy link

Is your feature request related to a problem? Please describe.
I'm trying to migrate roles and permissions from a legacy system. The problem is that the system has roles/permissions with names made up of numbers (for example: "departament_5005") and when I try to create a schema, I get the error "Error: 4:20:expected next token to be SIGN, got ILLEGAL instead".

Describe the solution you'd like
I would like to be able to use numbers in both relations and permissions.

Describe alternatives you've considered

Additional context
@EgeAytin
Copy link
Member

Hi @riba1979, you should be able to create relation tuples with alphanumeric characters. Are you trying to use numbers in the schema ? If that so I'd love to understand the use case in more depth to make a comment. Could you send your model/schema ?

@riba1979
Copy link
Author

riba1979 commented Aug 10, 2023
edited
Loading

Hi,
yes, I'm trying to use number in the schema. To give an example:

entity user {} 

entity organization {

    relation WSO2_manage @user    
    relation administrator @user    
    relation consulting @user    
    relation editor @user  

    permission p_view_resource_14050 = editor or consulting
    permission p_create_WSO2_API = WSO2_manage 

}

@EgeAytin
Copy link
Member

Hi @riba1979, thanks for sharing the schema. Defining permissions associated with specific resources can create bottlenecks and hinder the scalability of authorization in the future because you'll need dozens of roles, each created for a specific resource, which leads to the role explosion problem. Furthermore, this approach won't work with the current Permify workflow.

My suggestion here is to attempt a more finely-grained schema and then create relationships between the resources by associating them using relation tuples. I'm not sure if the following schema covers the one you sent me, but it will give you an idea of the suggested way to structure resources and entities.

entity user {} 

entity organization {

    relation administrator @user    
    relation consulting @user    
    relation editor @user 

    relation api @api 

} 

entity api {

    relation manage @user 

    permission create = manage 

} 

entity resource {

    relation org @organization    

    permission view = org.editor or org.consulting

}

Then you can create following tuples to form relationships between entities;

organization:1#api@api:wso2
organization:1#administrator@user:2
organization:1#editor@user:1
api:wso2#manage@user:1
resource:14050#org@organization:1

This way, you basically prevent permission explosion and shift the burden to the relation tuples. I'm interested in hearing your thoughts on this. I'd also love to learn more details about your migration process, so please feel free to schedule a call to discuss.

@EgeAytin EgeAytin added the area/schema Issues related with modeling and schema. label Aug 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EgeAytin EgeAytin

@tolgaOzen tolgaOzen

Labels
area/schema Issues related with modeling and schema.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@EgeAytin @tolgaOzen @riba1979