Change Log

Exclusion Support On Permify Schema

August 23, 2022

We add exclusion support to our DLS, Permify Schema. From now you can exclude a relation in the access definition of specific action ⚙️

Additional to and and or operators, Permify now supports and not and or not operators to exclude relations that don't have access to perform the defined action.

As an example use case, let's say we organize permissions based on groupings of users or resources on Permify Schema,

The group has admin and member relationships with users. We also have a view action that indicates only admins or members can view/read the group's resources.

What if we wanted to give administrators the ability to ban users to avoid seeing resources?

In that case, we need to add one more relation to represent the banned user from that group, let's call it banned. Moreover, we need to include this statement - banned members cannot see resources - in our action definition by using the and not operator on Permify Schema.

This simple demonstration shows how to use exclusion operators in Permify Schema.

If you're not familiar with Permify, check out github repo to learn how you can easily structure your authorization with it.

Stay in the loop

Join the conversation at our Discord community! Learn more about authorization, access control and security.