Savvi Studio

core.auth

core

L1 permissions semantics for membership, role, permission, and ownership

Version: 1.0.0
Namespace: core.auth
Tags: permissions, authorization, core, layer-platform

Predicates

Predicate policies that control how graph statements are formed.

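| Name | Predicate | Permission | Priority | Schema.org |
| --- | --- | --- | --- | --- |
| member-of-predicate | | | | schema:memberOf |
| has-role-predicate | | | | schema:roleName |
| has-permission-predicate | | | | |
| owns-predicate | | | | schema:owns |
| member-of | member_of | read | 65 | schema:memberOf |
| has-role | has_role | write | 80 | |
| has-permission | has_permission | admin | 90 | |
| owns | owns | owner | 100 | schema:owns |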

Exports

| Key | Exported as | From |
| --- | --- | --- |
| role-assignment | template | role-assignment |
| access-mapping | template | access-mapping |

Templates

role-assignment

Create a role assignment resource and attach a has_role statement

Parameters

| Name | Type |
| --- | --- |
| assignment-key | string |
| principal-id | bigint |
| role-id | bigint |

Exports

| Key | Type | From |
| --- | --- | --- |
| root | resource | assignment |

Objects Created

| Name | Type | Details |
| --- | --- | --- |
| assignment | resource | namespace: auth.role_assignment |
| principal-has-role | statement | {principal-id} —[has_role]→ {role-id} |

access-mapping

Apply generic access links for a subject across memberships, roles, and permissions

Parameters

| Name | Type |
| --- | --- |
| mapping-key | string |
| subject-id | bigint |
| membership-target-ids | array |
| role-target-ids | array |
| permission-target-ids | array |
| source | string |

Exports

| Key | Type | From |
| --- | --- | --- |
| root | resource | mapping |

Objects Created

| Name | Type | Details |
| --- | --- | --- |
| mapping | resource | namespace: auth.access_mapping |
| memberships | statement | {subject-id} —[member_of]→ {"$item":true} |
| roles | statement | {subject-id} —[has_role]→ {"$item":true} |
| permissions | statement | {subject-id} —[has_permission]→ {"$item":true} |