https://authzed.com logo
Join Discord
Powered by
# spicedb
  • r

    Ryan De Lap

    10/22/2025, 5:48 AM
    Any ideas why my schema command is working with
    zed schema write schema/schema.zed --endpoint localhost:50051 --insecure --token=devkey
    and returning with error code 0 but when I run this I am getting nothing back? it:(main) ✗ zed schema read --endpoint localhost:50051 --insecure --token=devkey 12:48AM ERR terminated with errors error="rpc error: code = NotFound desc = No schema has been defined; please call WriteSchema to start" ➜ ryan-repository-testing git:(main) ✗
  • r

    Ryan De Lap

    10/22/2025, 5:48 AM
    This is with me using the Spanner datastore, if that helps
  • s

    Sohan

    10/22/2025, 9:32 AM
    what happens when you run
    zed context list
    ?
  • r

    Ryan De Lap

    10/22/2025, 3:28 PM
    10:28AM ERR terminated with errors error="config did not exist"
  • r

    Ryan De Lap

    10/22/2025, 3:33 PM
    Followup question: Does SPiceDB have a call that I can get what permissions exist more generally?
  • r

    Ryan De Lap

    10/22/2025, 3:41 PM
    I sohuld mention that I am attempting to do this via local spanner emulator
  • r

    Ryan De Lap

    10/22/2025, 3:41 PM
    https://gist.github.com/Ryan-DL/106feab7fc6064c6c6b04773a567cc0b
  • r

    Ryan De Lap

    10/22/2025, 3:47 PM
    SEtting context still results in failure here, ocmmand passes but results in
    Copy code
    ➜  ryan-repository-testing git:(main) ✗ zed schema read
    
    10:47AM ERR terminated with errors error="rpc error: code = NotFound desc = No schema has been defined; please call WriteSchema to start"
    My instance is giving me
    Copy code
    {"level":"info","protocol":"grpc","grpc.component":"server","grpc.service":"authzed.api.v1.SchemaService","grpc.method":"WriteSchema","grpc.method_type":"unary","requestID":"d3sfo5pk1etc73epke9g","peer.address":"172.18.0.1:50452","grpc.start_time":"2025-10-22T15:45:27Z","grpc.code":"OK","grpc.time_ms":3,"time":"2025-10-22T15:45:27Z","message":"finished call"}
    `
  • j

    Joey

    10/22/2025, 3:52 PM
    yes, there is a reflection API
  • j

    Joey

    10/22/2025, 3:52 PM
    Spanner emulator does not implement the full set of operations necessary for SpiceDB to function and is therefore not supported
  • r

    Ryan De Lap

    10/22/2025, 3:53 PM
    el classico
  • r

    Ryan De Lap

    10/22/2025, 3:53 PM
    alright
  • j

    Joey

    10/22/2025, 3:53 PM
    we use it for testing but we know what works and doesn't, so it should not be relied upon for general usage
  • r

    Ryan De Lap

    10/22/2025, 3:53 PM
    Kinda gross, because I will need to know what permissions are available on a specific type for rendering pages about things to turn on / off for a specific resource
  • r

    Ryan De Lap

    10/22/2025, 3:53 PM
    Spanner in production is fine though I assume?
  • j

    Joey

    10/22/2025, 3:54 PM
    you'll need to know the semantics of the permissions/relations anyway; you'll likely need to do this during compilation
  • j

    Joey

    10/22/2025, 3:54 PM
    yes
  • r

    Ryan De Lap

    10/22/2025, 3:55 PM
    I suppose that is true to some extent, let me think about this later.
  • r

    Ryan De Lap

    10/22/2025, 3:55 PM
    Alright thanks for the information, we'll use Postgres as a local store for the time being then.
  • m

    mparnisari

    10/22/2025, 11:27 PM
    Hi folks! SpiceDB dev here. I want to get y'alls opinion: would adding a flag to disable tracing for healthcheck calls be useful? If yes, please give this message a 👍 . I am trying to gauge whether people care about traces for healthchecks (in which case a flag would be handy), or if we can just disable traces for healthcheck requests completely.
  • r

    Ryan De Lap

    10/23/2025, 11:16 PM
    What is a commonly associated way of doing this pattern: Say I have a user that has a permission on 5 different type objects that all inherit from each other. I want to make sure that they have an effective permissions call of TRUE if all of them are set to true for a specific objects permission, but I want to represent the idea of "unset" and there fore inherit the permissions sometimes. How does that work in a system like SpiceDB to get this type of behavior?
  • j

    Joey

    10/24/2025, 5:04 AM
    you'd use an intersection arrow and remove the relationship on the parent type if it was unset
  • p

    Pablo

    10/24/2025, 2:56 PM
    Hey guys is the flag
    --enable-revision-heartbeat
    compatible with
    --datastore-readonly
    ? Thanks 🙂
  • j

    Joey

    10/24/2025, 3:35 PM
    Technically, no, as it needs to perform writes to update it
  • Not sure where to ask this question,
    s

    srinivas183

    10/27/2025, 12:41 PM
    Not sure where to ask this question, asking here. Anyone can help? https://cdn.discordapp.com/attachments/844600078948630559/1432348376459903027/message.txt?ex=690162a0&is=69001120&hm=facceb5bb8436964e10f9f77f8a7ba009c2d743dddb420669b9b2eec11171a6e&
    y
    • 2
    • 3
  • Access-Control Management
    t

    thackerc

    10/28/2025, 2:57 PM
    I am looking to implement fine grained permissions as described [here](https://authzed.com/docs/spicedb/modeling/access-control-management#fine-grained-access-control) but with inheritance - if the same permission is granted at the org level it is inherited by any child repo. This is what I've come up with, but I am getting a `under permission
    create_issue
    under definition `repository`: permissions cannot be used on the left hand side of an arrow (found
    org_grants
    )` error. Suggestions?
    Copy code
    definition user {}
    
    definition team {
        relation member: user
    }
    
    definition org {
        relation direct_grants: role_grant
    
        // permissions
        permission create_issue = direct_grants->create_issue
        permission delete_issue = direct_grants->delete_issue
    
        // export
        permission grants = direct_grants
    }
    
    definition repository {
        // imports
        permission org_grants = org->grants
    
        // belongs to exactly one
        relation org: org
    
        // grants
        relation direct_grants: role_grant
    
        // permissions
        permission create_issue = direct_grants->create_issue + org_grants->create_issue
        permission delete_issue = direct_grants->delete_issue + org_grants->delete_issue
    }
    
    // Definition of role grants
    // A role grant assigns the permissions of a role to a user or team
    definition role_grant {
        relation role: role
        relation grantee: user | team#member
        permission create_issue = role->create_issue & grantee
        permission delete_issue = role->delete_issue & grantee
    }
    
    // Definition of roles
    // Each role defines a set of permissions that can be granted to users or teams
    definition role {
        relation create_issue: user:*
        relation delete_issue: user:*
    }
    y
    • 2
    • 3
  • c

    chrisio.9000

    10/28/2025, 3:19 PM
    Hi, does the SpiceDB API provide support for pagination when querying data. Specifically, I would like to know if the API allows clients to define a page size (i.e., the number of results per page) and a page number or offset, enabling the retrieval of paginated results.
  • j

    Joey

    10/28/2025, 3:28 PM
    yes, for LookupResources and ReadRelationships. Not currently for LookupSubjects or Expand
  • c

    chrisio.9000

    10/28/2025, 3:56 PM
    you mean the cursorsright? But you cannot set the cursor to a specific page or?
  • j

    Joey

    10/28/2025, 4:01 PM
    no, but you can continue and set a limit