Author: Gautam BT
Word count: 1105
Language: English
Hacker News points: None

Summary

The article walks through building authorization rules for a multi-tenant system modelled on Google Cloud Platform's (GCP) hierarchical role-based access control. The core requirement is that users may access only resources within their own tenant, and that a user's role can differ from tenant to tenant. The schema consists of a projects table, a users table, a roles table, and mapping tables that assign user roles per project and per storage bucket. Because the roles are hierarchical, they are flattened so that a single user can hold several derived roles at once (for example storage_admin, storage_editor, and storage_viewer), depending on the role they were granted. The article gives SQL-based examples using Hasura's permission system to define select, update, delete, and insert permissions on storage buckets. It also covers the permissions needed to assign or remove user roles, using role_admin and role_viewer roles for that purpose. Overall, the approach combines Postgres views with Hasura's permission DSL to manage a multi-tenant authorization system efficiently.