Modeling Hierarchy with Attribute Scopes

Suggest Edits

In this article, you will learn how to model relationships and arbitrarily deep hierarchy between objects in your system with attribute scopes. By the end of this article, you will understand the fundamentals of modeling:

  • Folder-like structures where objects contain other objects (ad infinitum)
  • Organizational structures where users can be members of different teams
  • Social structures like families and friends of friends

The article assumes you know what object, edges, attributes and permissions are. For more detail, see our Key Concepts article.

Attribute Scopes

Attributes give one object permissions on another object. Each attribute has an attribute name (like edit) and an attribute scope. The value describes the permission and the scope describes which two objects are affected by the attribute. There are three scopes of attribute: direct, inherit and propagate.

Direct Attributes

The direct scope is the simplest attribute scope. It gives the source object the permission on the target object. It is used for non-hierarchical relationships.

An edge with view:direct attribute gives the source object view rights on the target object.

An edge with view:direct attribute gives the source object view rights on the target object.

Inherit Attributes

The inherit attribute scope states:

Inherit: if the target object has the attribute on a third object, the source object ‘inherits’ that attribute on the third object.

Inherit attributes are used to pass a permission from one user or group to another. In the example below, Gloria is a member of a department that owns a particular project. This is modeled by giving the department direct view access on the project, and passing that view access to Gloria with an inherit attribute.

Inherit attributes are used to pass permissions from one user or group to another.

Inherit attributes are used to pass permissions from one user or group to another.

Propagate Attributes

The propagate attribute scope states:

Propagate: if a third object has the attribute on the source object, the third object also gets the attribute on the target object

Propagate attributes are used to propagate permissions down a hierarchy of nested resources. In the example below, Ajay owns a folder and has view access to that folder. Ajay is given view access to all files inside the folder with a propagate attribute.

Propagate permissions are used to propagate permissions down a hierarchy of nested resources, like folders.

Propagate permissions are used to propagate permissions down a hierarchy of nested resources, like folders.

Updated 8 months ago

What’s Next