Permissions to managers best practice

Hey ! I have a collection with document level protection. My permission levels are something like Admin - Group[N] - SubGroup[N]

When the end user from SubGroup[N] creates a document, i need to make sure that the parent group can read/write it as well - but none of the parallele sub-groups. Since the user is Not a member of Group[N] - He cant Set these permissions.

What are the best practices doing so?

i thought of

Save the document using the API key -> dangerouse -> security must be controlled on my app. to avoid such fake requests
create an Appwrite function -> After creating, the document - the function will add the parents groups

Any other ideas?

TL;DR

Developers want to give managers permission to access documents created by their subordinates without giving access to parallel subgroups. One solution is to save the document using the API key to avoid fake requests. Another solution is to create an Appwrite function that adds the parent groups after the document is created. Other ideas for best practices in managing permissions within this context are appreciated.

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support