# orm-help
b
Hi all, I have a fairly complex authorisation requirement which I'm hoping prisma can help me solve:

A basic data model:
users: N patients: N referrals: N referral_notes
• User has many patient records
• Patient records have many referrals
• Referrals have many referral_notes

I need to enforce rules similar to these:
• A `user` may be granted access to a `referral` through their `patient` record.
• A `user` may be granted access to a `referral` explicitly via a record in another table (`permissions` table)
• Whenever a user has access to a `referral`, they automatically have access to view `referral_notes`

I have tried to use `graphql-guard` with prisma as a POC, but not sure if this is the correct combination of tools for this use case. Any help would be hugely appreciated. 🙏
n
Hey Blair 👋 Welcome to our community! Did you have a look at cerbos? They have a plugin with prisma: cerbos-prisma. You could write the authorisation rules in cerbos and can allow fine-grained access controls extending the roles defined in Prisma Model. It seems this would be an ideal solution for your use case.
b
Hi Narul, Thanks for the link - I hadn't come across this solution yet. I'll do some exploration around Cerbos.
🙌 1
n
They also have an active slack community if you would like to join and ask any cerbos specific questions
a
I have been using CASL so far and it also has a Prisma integration, although I don't use it.