you'll also need to add the validation that currently occurs in services/v1/relationships.go in front of any write calls

lest you accidentally write invalid rels

How should I write complicated queries with pagination, filtering and sorting with spicedb? List endpoint API

I read it. I need advanced filtering and pagination. It can’t be developed in these ways because they are not efficient and I can loop many times over the database. Maybe I need the Materialize. Is there a release date?

For example, if I have database table with 1M records and I need to do sort, filter and paginate and I have for 5000 records view permission.

How do I get page number 3 records?

you'd use Materialize then. It is available now (in early access)

and to clarify, materialize is a feature of our paid platform

I have setup my schema following the guide on user-defined roles. What I imagine is the app providing: 1. some default roles out of the box 2. users creating roles they can reuse across projects

So in my app, I would like to provide a default experience where consistency uses

minimizeLatency

and

atLeastAsFresh

when no zookie is provided. This would mean I need to cache a recent enough zookie in my backend and use that when none is provided. 1. Does this make sense? 2. Should I be concerned about this with respect to the New Enemy Problem? 3. Does the Node client support this out-of-the-box? 4. Is it better to middleware my call chain or listen to the event stream from SpiceDB?

👋 A question around the operator and releases.... Do you know when we could expect a new version of the operator? Quite interested in testing [this](https://github.com/authzed/spicedb/pull/2587) 🙂

hey, random question: maybe I'm misunderstanding something, but it seems like

ReadRelationships

always includes an

after_result_cursor

, even if it returned all the contents and

optional_limit

hasn't been set. can I just ignore it in that case?

The cursor should be safe to ignore in that case.

and we might be removing it in the future unless limit is specified

Hello ! we are currently looking for solutions to integrate MFA enforcing in our systems. where all resources belonging to some workspace are only available if the user has some kind of MFA enabled. one of my ideas was to add a caveat to the relation between the user and the workspace. (caveat with 2 arguments : expected_amr, and provided_amr, where expected_amr is defined when configuring the relation, and provided_amr is provided in the context of the query) this works, but has a sizeable flaw : when the admin of a workspace changes the mfa requirements, we need to update all user relations. now, this shouldn't happen too often (well, basically only once per workspace at most) I tried to find a way to configure it only once for the specifice "workspace" ressource, but couldn't find a way. is there a way to do that ? is my first idea the only way to do that ? (probably not, I could handle this outside SpiceDB, but shouldn't access management use SpiceDB ?)

Hey guys, quick question: Is there a way I could point a permission to itself? For example:

definition user {
   permission view_profile = this->user
}

So that a user can only view it's own profile, for example

At least in SpiceDB's serve-test mode, I'm noticing that the last LookupResourcesResponse has a non-empty after_result_cursor, even when the next page has no results. Is this a bug or as intended?

Cursor is always returned

the idea is that you continue fetching until you receive no results

and the cursor is just tracking where in the result set you are - it's not necessarily an indication that there are additional results to receive

Thanks for the explanation!

hey folks 👋 I’m looking for clarification on how

ImportBulkRelationshipsResponse.num_loaded

behaves. From the docs: > All requests sent to the same invocation are executed under this single transaction. If a relationship already exists within the datastore, the entire transaction will fail with an error. Given that, does

num_loaded

always reflect the total number of relationships from the request (i.e., only returned if the whole transaction succeeds)? Or is there any case where it could be 0 even if some relationships were imported before failure, or does the atomic transaction guarantee no partial success? Thanks!

Hey folks, We just experienced something off in our spicedb instance. LookupNamespacesWithNames went up like crazy. Our db shows that the following query went up x600 in traffic, where all the rest of the traffic remained the same: SELECT serialized_config, "timestamp" FROM namespace_config AS OF SYSTEM TIME _ WHERE ((namespace = _) OR (namespace = _)) This created a hot replica in our crdb database and a bad latency increase. After a reload of spicedb everything went back to normal. We are using "v1.45.4". We haven't changed the schema recently, nor there was a deployment on spicedb, change of traffic to it. Any clue?

Has anyone ever tried pointing SpiceDB at TiDB as a MySQL datastore?

Folks, in about 45 mins @Sam and myself will do a demo of a photo-sharing app with fine-grained permissions using spiceDB. Sam built this as a demo for Kubecon last week. We'll be in the spicedb-live channel

Are there any plans on adding a consistency option to

Watch

? And if not, should I just do a uesless request to fetch a 'latest' ZedToken? I'm writing a few integration tests against in-memory SpiceDb and running into the issue that watches are capturing results from before they were started

Hi. any chance to see the recording?

Anyone using spicedb to authorize access into VMs?

SSH*