Concepts: Tuples

A Tuple is the representation of data as it is stored in Authzed. All permissions and relationships between objects are stored in Authzed as tuples.

Overview

At its core, a Tuple is simply a representation of four pieces of information:

  1. A namespace
  2. An object
  3. A relation
  4. A user to which the object, via the relation, is linked in some way (the meaning of which is up to you)

Compact Form

Tuples are typically represented in a compact form like so:

thetenant/namespace:object#relation@{user}

Since user is, itself, an object, we use a partial tuple for it as well:

thetenant/user:someusername#...

This results in our overall tuple:

thetenant/namespace:object#relation@thetenant/user:someusername#...

Tip: The ... relation is a special, implicitly defined relation on all namespaces.

What it represents

A tuple represents a link between one object and another, via the specified relation.

Example 1

For example, the tuple thetenant/namespace:object#relation@thetenant/user:someusername#... translates to:

Object object, under namespace thetenant/namespace, is related to the user thetenant/user:someusername#... via relation relation.

Example 2

As another example, the tuple thetenant/document:mydocument#read@thetenant/user:someusername#... translates to:

Object mydocument, under namespace thetenant/document, can be read by thetenant/user:someusername#...

| Namespace | Object | Relation | Target (User) |
|---|---|---|---|
| thetenant/document | mydocument | read | thetenant/user:someusername#... |

Example 3

As a third example, the tuple thetenant/group:mygroup#member@thetenant/group:anothergroup#... translates to:

The group anothergroup is a member of the group mygroup.

| Namespace | Object | Relation | Target (User) |
|---|---|---|---|
| thetenant/group | mygroup | member | thetenant/group:anothergroup#... |
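
The compact form and the three examples above can be checked with a strict parser. The following is an added example, not Authzed's own code: it splits a tuple into its four parts and refuses any string in which a field contains one of the delimiters, so an object or user ID taken from untrusted input cannot change which relation or user a tuple names. The identifier alphabet and the names `parse_tuple`, `format_tuple`, `ObjectAndRelation` and `RelationTuple` are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

# Assumed identifier alphabet (the page does not define one). The delimiters
# / : # @ are never legal inside a field, so a tuple has exactly one parse.
_NAME = r"[a-z0-9_]+"
_OBJECT_ID = r"[A-Za-z0-9_\-]+"
_ONR = re.compile(
    rf"(?P<ns>{_NAME}/{_NAME}):(?P<obj>{_OBJECT_ID})#(?P<rel>{_NAME}|\.\.\.)"
)
ELLIPSIS = "..."  # the implicitly defined relation from the page


class ObjectAndRelation(NamedTuple):
    namespace: str
    object_id: str
    relation: str

    def __str__(self):
        return f"{self.namespace}:{self.object_id}#{self.relation}"


class RelationTuple(NamedTuple):
    resource: ObjectAndRelation
    user: ObjectAndRelation

    def __str__(self):
        return f"{self.resource}@{self.user}"


def _parse_onr(text):
    m = _ONR.fullmatch(text)
    if m is None:
        raise ValueError(f"malformed namespace:object#relation part: {text!r}")
    return ObjectAndRelation(m["ns"], m["obj"], m["rel"])


def parse_tuple(text):
    """Parse the compact form strictly; raise ValueError on anything else."""
    left, sep, right = text.partition("@")
    if not sep:
        raise ValueError("missing '@' between object and user")
    return RelationTuple(_parse_onr(left), _parse_onr(right))


def format_tuple(namespace, object_id, relation, user_ns, user_id, user_rel=ELLIPSIS):
    """Build a tuple string from fields, rejecting IDs that smuggle delimiters."""
    text = f"{namespace}:{object_id}#{relation}@{user_ns}:{user_id}#{user_rel}"
    return str(parse_tuple(text))
```

Building tuples only through `format_tuple` means a field such as an object ID containing `#` or `@` raises `ValueError` instead of producing a different tuple than the caller intended.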