openfga.dev icon indicating copy to clipboard operation
openfga.dev copied to clipboard
verified publisher icon openfga

Add document explaining the use case of building your own DSL

Open aaguiarz opened this issue 1 year ago • 0 comments

The fact that our model is a JSON enables interesting use cases where OpenFGA adopter can create their own DSLs / UIs to create models. We should document this better.

A few use cases:

  • Automatically adding permissions for setting relations (e.g. 'can_set_viewer_relation')

  • In a multi-tenant app, enable each B2B customer to redefine permissions with different rewrites, e.g. the model would have:

define can_view : reader or reader from parent

A specific customer could want to change that definition, to:

define can_view : reader or reader from parent or support_engineer from organization

Note that they should not add new permissions, or add new assignable permissions. Just change the rewrites.

Each customer would end up with a different authorization model ID that can be used to evaluate permissions. This would also show the benefits of having multiple authorization models for a specific store.

aaguiarz avatar Mar 22 '24 08:03 aaguiarz