Learn how to use policies to create superuser overrides.
Superuser policies allow specific users to override inheritance rules to grant broad access to many resources. This is useful for granting elevated privileges to trusted users, such as administrators, support engineers, or internal employees.
Use superuser policies when you need to:
Many applications implement superuser policies, including:
version 0.3 type user type store relation editor [user] relation viewer [user] // Editors of a store are either // Assigned directly as an editor of the store // Or superusers who can edit any store (via is_superuser policy) inherit editor if policy is_superuser // Any editor can also view the store inherit viewer if relation editor policy is_superuser(user map) { user.superuser == true && user.email endsWith "@internal-domain.com" }