# Introduction

This document outlines how to model a common organization-based permission system in Hasura. Let's assume that you have some table structure like the following:

| Table Name        | Columns                      | Foreign Keys                                                             |
|:-----------------:|:---------------------------- | ------------------------------------------------------------------------ |
| User              | id, name, email              |                                                                          |
| Organization User | id, user_id, organization_id | user_id -> user.id, organization_id -> organization.id                   |
| Organization      | id, name                     |                                                                          |

# Example Data

Here we have example users, two (John and Jane) belonging to Organization ID 1, and Frank belonging to Organization ID 2:

| User                                                                                                                                       | Organization User                                                                                                                              | Organization                                                                                                                              |
| ------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
| ![hasura-org-permissions-user-table](https://user-images.githubusercontent.com/26604994/77601026-8679c880-6f01-11ea-82ad-25ca0411ce26.png) | ![hasura-org-permissions-org-user-table](https://user-images.githubusercontent.com/26604994/77601031-8bd71300-6f01-11ea-82ca-191e4ddb5e35.png) | ![hasura-org-permissions-org-table](https://user-images.githubusercontent.com/26604994/77601045-942f4e00-6f01-11ea-8900-a9d8c15b27c8.png) |

# Relationships

We create the following relationships on our data:

| User                                                                                                                                     | Organization User                                                                                                                            | Organization                                                                                                                           |
| ---------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
| ![hasura-org-perms-user-relations](https://user-images.githubusercontent.com/26604994/77601068-9db8b600-6f01-11ea-9bb4-6cf4cd8f9e95.png) | ![hasura-org-perms-org-user-relations](https://user-images.githubusercontent.com/26604994/77601057-9a252f00-6f01-11ea-8f97-5972d0bb21d5.png) | ![hasura-org-perm-org-relations](https://user-images.githubusercontent.com/26604994/77601074-a4472d80-6f01-11ea-9f80-071b43d64a16.png) |

# Permissions

And provision the permissions like such:

| User                                                                                                                                | Organization User                                                                                                                       | Organization                                                                                                                             |
| ----------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
|                                                                                                                                     |                                                                                                                                         |                                                                                                                                          |
| ![hasura-org-perm-user-perms](https://user-images.githubusercontent.com/26604994/77601086-ac9f6880-6f01-11ea-82aa-d171502de47e.png) | ![hasura-org-perm-org-user-perms](https://user-images.githubusercontent.com/26604994/77601100-b45f0d00-6f01-11ea-9231-c62f8b332c1a.png) | ![hasura-org-permissions-org-perm](https://user-images.githubusercontent.com/26604994/77601092-af9a5900-6f01-11ea-92b4-578aca118332.png) |

# Query Results

Now when we query with our `X-Hasura-User-Id` set as User `1` and `3` respectively, we can see only those users in our own organizations:

| User ID 1 (Org 1)                                                                                                            | User ID 1 (Org 2)                                                                                                            |
| ---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| ![query-as-user-org-1](https://user-images.githubusercontent.com/26604994/77601103-b6c16700-6f01-11ea-9cff-82b05c5b6914.png) | ![query-as-user-org-2](https://user-images.githubusercontent.com/26604994/77601108-b88b2a80-6f01-11ea-868e-c775c86b9041.png) |