# know user r/w on known FILE
- path: mydatastite/path/to/dir/test.json # exact file. can be direct file
  write:
    - "koen@openmined.org" # known writer
  read:
    - "eelco@openmined.org" # known reader

# known user can r/w on known dir
- path: mydatasite/path/shared/to/koen # known dir
  write:
    - "koen@openmined.org"
  read:
    - "*@openmined.org" # known group

# known user can create permissions known dir
- path: mydatasite/path/shared/madhava # known dir
  admin:
    - "madhava@openmined.org" # shared ownership with madhava - can r/w and create a syft.pub.yaml. i still own the dir.
  write:
    - "koen@openmined.org" # known writer in the dir
  read:
    - "*@openmined.org" # known group

# Unknown user(s) can create known file
- path: mydatastite/path/to/dir/another.json # exact location of file
  write:
    - "*" # GLOBAL writes to the file

# Unknown user can create unknown file(s)
- path: mydatastite/path/to/dir/dir # known dir, but unknown files
  write:
    files: # ALLOW only FILES creates under `path`
      - "*"

# Unknown user can create unknown dirs
- path: mydatasite/path/shared/to/koen/ # known dir, but unknown subdirs
  write:
    dirs: # ALLOW only DIRS creates under `path`
      - "koen@openmined.org"

# advanced collaboration use-case
- path: mydatasite/shared/collab
  admin:
    - andrew@openmined.org
    - leader@creddit.org
  write:
    - "madhava@openmined.org"
    - "irina@openmined.org"
    - "someone@creddit.org"
  read:
    files:
      - "*@openmined.org"