Logical Exclusion Relationship

[StephenStrickland]

Hey Team,

Love this project.

I've been reading into Zanzibar and your docs and I have some questions about implementing exclusionary relationships.

I'm trying to setup a User that would have a Role, each Role would contain a set of Permissions (RBAC). Is there a way I can "deny" a specific permission for a user of a role? Such that the permissions that a user has access to is is permission in role_perm_list and not in deny_list?

I saw some code and docs on "inclusion" and "exclusion" when configuring namespaces, but couldn't figure out the use case or if it was applicable to the problem I'm trying to solve.

EDIT: I guess I'm looking for how to configure namespaces so I can build the appropriate relationships. But from all the docs, code, issues I've read it appears that the namespace config schema is undefined beyond name and id

[vinckr]

Hello @StephenStrickland
I think this is WIP, check out this issue: #303