
Federated Schema Import for Centralized Organizational Hierarchies #2788

@prostacks

Description

Is your feature request related to a problem? Please describe.

In enterprise environments, applications that need org-level permissions must each recreate and maintain their own organizational hierarchy within Permify. When employee relationships change (promotions, transfers, reorganizations), every application must independently update its schema. This creates significant duplication of effort, data inconsistency, and maintenance burden across application portfolios.

Describe the solution you'd like

A federated schema model where:

  1. Remote Schema Import: Applications can import schema definitions from a remote/central source without recreating entity definitions or relationship data

  2. Flexible Data Synchronization: Support multiple data access patterns:

    • Replication: Central org data is replicated to subscribing applications
    • On-Demand Fetch: Applications query central source in real-time when authorization checks occur

  3. Configurable Mutability: Remote schema data should support different mutation models:

    • Immutable: Local applications can only read remote data (source of truth remains central)
    • Mutable: Local applications can modify their copy of remote data
    • Bidirectional with Conflict Resolution: Local changes sync back to central source, with central source winning conflicts

  4. Central Schema Ownership: A designated team maintains the organizational hierarchy based on authoritative data attributes

  5. App Autonomy: Applications can add their own authorization logic while leveraging shared org hierarchy

Example:

HR/Platform team defines: Employee entities, org hierarchy, department structures

App team imports schema and extends: "if employee.department = 'R&D' then grant feature_x"

App configures data mode:

  • Immutable (read-only from central), OR
  • Bidirectional (can update with central as conflict winner)

Result: No need to recreate or populate employee/org data

Describe alternatives you've considered

A SIEM system to automatically sync to consuming applications via:

  • Query federation (app queries route to central source)
  • Event streaming (publish changes via Kafka/MQTT)

Additional context

Enables enterprise-scale authorization by separating concerns: platform teams own canonical org data while application teams focus on app-specific permissions without recreating foundational org structures. Critical for organizations with frequently changing hierarchies and hundreds of applications requiring consistent org-based permissions.
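The following Go sketch is an added illustration of the data modes proposed above; it is not Permify code and not part of this issue. It models a central tuple store owned by the HR/platform team, an app that imports the `department` entity type, the app-local rule from the example (a feature is usable by members of the department it is granted to), and the three mutability modes, with the "central wins" rule implemented by comparing per-tuple write versions against the central clock observed at the last sync. The `Mode` names, the `Store`/`App` types, the `Import`/`Write`/`Sync`/`CanUse` functions and the sample tuples are all this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Mode is the data mode an app configures for imported org data (assumed names,
// following the three options in the issue; not a Permify API).
type Mode int

const (
	Immutable     Mode = iota // local copy is read-only; central is the source of truth
	Mutable                   // local copy may diverge; divergence never flows back
	Bidirectional             // local writes sync back; central wins on conflict
)

var ErrReadOnly = errors.New("imported org data is immutable in this app")

// Key is one relationship tuple in the entity:id#relation@subject shape.
type Key struct{ Entity, Relation, Subject string }

// Store is a minimal versioned tuple store: present[k] is membership and
// version[k] is the store clock at the last write of k.
type Store struct {
	present map[Key]bool
	version map[Key]uint64
	clock   uint64
}

func NewStore() *Store { return &Store{present: map[Key]bool{}, version: map[Key]uint64{}} }

func (s *Store) Write(k Key, present bool) {
	s.clock++
	s.present[k] = present
	s.version[k] = s.clock
}

func (s *Store) Has(k Key) bool { return s.present[k] }

// App holds the app's own tuples plus a replica of the imported entity types.
type App struct {
	mode      Mode
	central   *Store
	local     *Store
	imported  map[string]bool // entity types owned by the central schema, e.g. "department"
	pending   map[Key]bool    // Bidirectional: local writes not yet pushed to central
	overrides map[Key]bool    // Mutable: local writes a pull must not clobber
	syncedAt  uint64          // central clock observed at the last sync
}

func entityType(entity string) string { t, _, _ := strings.Cut(entity, ":"); return t }

// Import subscribes to the named entity types and takes an initial replica.
func Import(central *Store, mode Mode, types ...string) *App {
	a := &App{mode: mode, central: central, local: NewStore(),
		imported: map[string]bool{}, pending: map[Key]bool{}, overrides: map[Key]bool{}}
	for _, t := range types {
		a.imported[t] = true
	}
	a.pull()
	return a
}

// pull replicates central state for imported types, keeping Mutable-mode overrides.
func (a *App) pull() {
	for k, v := range a.central.present {
		if a.imported[entityType(k.Entity)] && !a.overrides[k] {
			a.local.present[k] = v
		}
	}
	a.syncedAt = a.central.clock
}

// Write applies an app-side change: app-owned entities are always writable,
// imported entities follow the configured mode.
func (a *App) Write(k Key, present bool) error {
	if !a.imported[entityType(k.Entity)] {
		a.local.Write(k, present)
		return nil
	}
	switch a.mode {
	case Immutable:
		return ErrReadOnly
	case Mutable:
		a.overrides[k] = true
	case Bidirectional:
		a.pending[k] = present
	}
	a.local.Write(k, present)
	return nil
}

// Sync pushes pending writes to central, dropping any whose tuple central has
// changed since the last sync (central wins), then pulls central state.
func (a *App) Sync() (applied, overridden int) {
	for k, v := range a.pending {
		if a.central.version[k] > a.syncedAt {
			overridden++
			continue
		}
		a.central.Write(k, v)
		applied++
	}
	a.pending = map[Key]bool{}
	a.pull()
	return applied, overridden
}

// CanUse is the app-local rule from the issue's example: a user may use a
// feature if they are a member of the department the feature is granted to.
func (a *App) CanUse(feature, user string) bool {
	for k, ok := range a.local.present {
		if ok && k.Entity == feature && k.Relation == "department" &&
			a.local.Has(Key{k.Subject, "member", user}) {
			return true
		}
	}
	return false
}

func main() {
	central := NewStore() // constructed sample org data, as the HR team would own it
	central.Write(Key{"department:rnd", "member", "user:alice"}, true)
	app := Import(central, Bidirectional, "department")
	app.Write(Key{"feature:feature_x", "department", "department:rnd"}, true) // app-owned
	fmt.Println(app.CanUse("feature:feature_x", "user:alice"))
}
```

The conflict rule is deliberately narrow: a local write is only discarded when central touched the same tuple after the app's last sync, so unrelated central churn (other employees, other departments) does not invalidate the app's pending changes. An on-demand-fetch variant would skip `pull` and have `CanUse` consult `central` directly for imported types.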
