m
Hi everyone, I wasn't sure if this use case would work for Keto, but I'm building an e-commerce platform and would like to limit user access to orders. The following would apply:
• User who owns order should always be able to read it
• Employee who is a sales rep should be able to read order
• User who is in charge of fulfillment should not be able to access order
Could I create a relationship default for a namespace where I either pass `OWNER`, `SALES`, `WAREHOUSE` to a namespace dedicated to orders? I don't want to create a relationship for every new order.
c
I've actually done this in our platform; we use an object called "general" for this exact purpose. Obviously, you can name it whatever you want, but it's entirely possible (and maybe even recommendable). In our case, we use as simple a form of relations as possible, so we have, for example, the namespace 'users', which has an object called 'general', which has either relation 'write' or relation 'read'. We still use separate subjects for each permission tuple, though; however, this is not necessary. You can use a generic name for the subject as well - though I'm not sure that's as recommendable 😊