Supporting Permission Operations like Intersection & #44

@theronic

EACL currently only supports the + Union operator, e.g.

definition user {}

definition server {
  relation owner: user
  relation viewer: user

  permission view = owner + viewer
  permission delete = owner
}

But EACL does not support Negation or Intersection yet. You can usually work around this with application logic by doing two permission checks and doing the AND / OR logic in your code, but it's not ideal for consumers who need those Spice operations.

Thinking about how to support this efficiently. With better schema AST, should be possible, but may complicate the implementation quite a bit.
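The application-side workaround described in this issue, as an added example that is not part of the original post and not EACL code: `check` is a hypothetical in-memory stand-in for a union-only permission check over the schema above, and `check_all`, `check_except` and the sample relationships are constructed for illustration. It shows why exclusion needs a tri-state result: if the excluded check errors and the error is read as "not granted", the composed permission is granted by mistake.

```python
# Constructed sample relationships: (resource, relation, subject).
RELATIONSHIPS = {
    ("server:web1", "owner", "user:alice"),
    ("server:web1", "viewer", "user:alice"),
    ("server:web1", "viewer", "user:bob"),
}

# The union-only schema from the issue: permission -> relations joined by '+'.
SCHEMA = {"view": ("owner", "viewer"), "delete": ("owner",)}


def check(subject, permission, resource):
    """Hypothetical union check: any listed relation grants the permission."""
    return any((resource, rel, subject) in RELATIONSHIPS
               for rel in SCHEMA[permission])


def _try(check_fn, subject, permission, resource):
    """Return True or False, or None when the check gave no usable answer."""
    try:
        result = check_fn(subject, permission, resource)
    except Exception:
        return None
    return result if isinstance(result, bool) else None


def check_all(check_fn, subject, permissions, resource):
    """Intersection (a & b): every permission must be positively granted."""
    return all(_try(check_fn, subject, p, resource) is True
               for p in permissions)


def check_except(check_fn, subject, base, excluded, resource):
    """Exclusion (base - excluded): base granted AND excluded known to be False.

    An error on the excluded check yields None, which is not False, so the
    composed check denies instead of granting.
    """
    return (_try(check_fn, subject, base, resource) is True
            and _try(check_fn, subject, excluded, resource) is False)


if __name__ == "__main__":
    print(check_all(check, "user:alice", ["view", "delete"], "server:web1"))
    print(check_except(check, "user:bob", "view", "delete", "server:web1"))
```

Because the two checks are separate calls, relationships can change between them, which is one reason evaluating the operator inside the permission system is preferable to composing it in the caller.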

Labels: enhancement
