agynio · vitramir · Apr 19, 2026 · Apr 18, 2026
diff --git a/terraform/model.fga b/terraform/model.fga
@@ -16,6 +16,7 @@ type organization
     define can_invite: owner
     define can_manage_members: owner
     define can_add_member: admin from cluster
+    define can_view_threads: owner or admin from cluster
     define can_create_thread: [identity]
     define can_write_thread: [identity]
     define can_add_participant: [identity]
diff --git a/terraform/model.fga.yaml b/terraform/model.fga.yaml
@@ -90,6 +90,24 @@ tests:
         object: "organization:org-1"
         assertions:
           can_add_member: false
+  - name: org owner can view threads
+    check:
+      - user: "identity:org-owner-id"
+        object: "organization:org-1"
+        assertions:
+          can_view_threads: true
+  - name: org member cannot view threads
+    check:
+      - user: "identity:org-member-id"
+        object: "organization:org-1"
+        assertions:
+          can_view_threads: false
+  - name: cluster admin can view threads
+    check:
+      - user: "identity:admin-user-id"
+        object: "organization:org-1"
+        assertions:
+          can_view_threads: true
   - name: installed app has thread permissions
     check:
       - user: "identity:app-installed-id"