Modeling Google Drive permissions with OpenFGA
This tutorial explains how to represent the Google Drive permissions model with OpenFGA.
What you will learn
- Indicate relationships between a group of users and an object. See Modeling User Groups for more.
  Used here to indicate that all users within a domain can access a document (sharing a document within an organization).
- Model concentric relationships to have a certain relation on an object imply another relation on the same object. See Modeling Concepts: Concentric Relationships for more.
  Used here to indicate that writers are also commenters and viewers.
- Use the union operator to indicate that a user might have a certain relation with an object if they match any of the criteria indicated.
  Used here to indicate that a user can be a viewer on a document, or can have the viewer relationship implied through commenter.
- Use the type bound public access in a relationship tuple's user field to indicate that everyone has a certain relation with an object. See Modeling Public Access for more.
  Used here to share documents publicly.
- Model parent-child objects to indicate that a user having a relationship with a certain object implies having a relationship with another object in OpenFGA.
  Used here to indicate that a writer on a folder is a writer on all documents inside that folder.
Before you start
To follow this guide, you must be familiar with some OpenFGA concepts and know how to develop the things listed below.