Models and Sub-Model Best Practices

Is there any good examples for using FGA across an organization? I think the single part I am struggling with at the moment is how to structure all this.

I work in an organization that has many many different products, api’s, services. A lot of the examples I have seen are pretty simple in their structure, user, document, folder, etc.

In a single model, creating a new user object for every API/service I think would probably be decent to start but as we add more and more of these, trying to navigate through a single model would be daunting I think.

Creating sub-models I think makes sense. However I am curious how that would be structured? I don’t know that I would want a single model for each API/service since there would a crazy amount of different sub-models.

I think there could be some divisions around sub-models relating to business divisions where the related products might exist in the same sub-model.

This is my long winded question of if there are any other good examples of people already doing this in a big organization?

Hi Stephen,

The reasons we see to create a module are:

• You want each team to own their own types/relations

• You want each application to only write tuples for the types they own (e.g. the ‘wiki’ application will write tuples for spaces/pages, the ‘issue-tracker’ app for projects/tickets). This is something we are currently working on.

If each service defines a few types/relations and you want to make sure that service is the only one that can writes tuples for those, you’d need to define a module for each service.

We could potentially add a way to define write permissions per-type and not per-module, and that might reduce the number of modules you’d need to define.

Makes sense?

Yah that makes sense. Are there any limits on how many modules you can have?