Any ideas why my schema command is working with

zed schema write schema/schema.zed --endpoint localhost:50051 --insecure --token=devkey

and returning with error code 0 but when I run this I am getting nothing back? it:(main) ✗ zed schema read --endpoint localhost:50051 --insecure --token=devkey 12:48AM ERR terminated with errors error="rpc error: code = NotFound desc = No schema has been defined; please call WriteSchema to start" ➜ ryan-repository-testing git:(main) ✗

This is with me using the Spanner datastore, if that helps

what happens when you run

zed context list

?

10:28AM ERR terminated with errors error="config did not exist"

Followup question: Does SPiceDB have a call that I can get what permissions exist more generally?

I sohuld mention that I am attempting to do this via local spanner emulator

SEtting context still results in failure here, ocmmand passes but results in

➜  ryan-repository-testing git:(main) ✗ zed schema read

10:47AM ERR terminated with errors error="rpc error: code = NotFound desc = No schema has been defined; please call WriteSchema to start"

My instance is giving me

{"level":"info","protocol":"grpc","grpc.component":"server","grpc.service":"authzed.api.v1.SchemaService","grpc.method":"WriteSchema","grpc.method_type":"unary","requestID":"d3sfo5pk1etc73epke9g","peer.address":"172.18.0.1:50452","grpc.start_time":"2025-10-22T15:45:27Z","grpc.code":"OK","grpc.time_ms":3,"time":"2025-10-22T15:45:27Z","message":"finished call"}
`

yes, there is a reflection API

Spanner emulator does not implement the full set of operations necessary for SpiceDB to function and is therefore not supported

el classico

alright

we use it for testing but we know what works and doesn't, so it should not be relied upon for general usage

Kinda gross, because I will need to know what permissions are available on a specific type for rendering pages about things to turn on / off for a specific resource

Spanner in production is fine though I assume?

you'll need to know the semantics of the permissions/relations anyway; you'll likely need to do this during compilation

yes

I suppose that is true to some extent, let me think about this later.

Alright thanks for the information, we'll use Postgres as a local store for the time being then.

Hi folks! SpiceDB dev here. I want to get y'alls opinion: would adding a flag to disable tracing for healthcheck calls be useful? If yes, please give this message a 👍 . I am trying to gauge whether people care about traces for healthchecks (in which case a flag would be handy), or if we can just disable traces for healthcheck requests completely.

What is a commonly associated way of doing this pattern: Say I have a user that has a permission on 5 different type objects that all inherit from each other. I want to make sure that they have an effective permissions call of TRUE if all of them are set to true for a specific objects permission, but I want to represent the idea of "unset" and there fore inherit the permissions sometimes. How does that work in a system like SpiceDB to get this type of behavior?

you'd use an intersection arrow and remove the relationship on the parent type if it was unset

Hey guys is the flag

--enable-revision-heartbeat

compatible with

--datastore-readonly

? Thanks 🙂

Technically, no, as it needs to perform writes to update it

Not sure where to ask this question, asking here. Anyone can help? https://cdn.discordapp.com/attachments/844600078948630559/1432348376459903027/message.txt?ex=690162a0&is=69001120&hm=facceb5bb8436964e10f9f77f8a7ba009c2d743dddb420669b9b2eec11171a6e&

I am looking to implement fine grained permissions as described [here](https://authzed.com/docs/spicedb/modeling/access-control-management#fine-grained-access-control) but with inheritance - if the same permission is granted at the org level it is inherited by any child repo. This is what I've come up with, but I am getting a `under permission

create_issue

under definition `repository`: permissions cannot be used on the left hand side of an arrow (found

org_grants

)` error. Suggestions?

definition user {}

definition team {
    relation member: user
}

definition org {
    relation direct_grants: role_grant

    // permissions
    permission create_issue = direct_grants->create_issue
    permission delete_issue = direct_grants->delete_issue

    // export
    permission grants = direct_grants
}

definition repository {
    // imports
    permission org_grants = org->grants

    // belongs to exactly one
    relation org: org

    // grants
    relation direct_grants: role_grant

    // permissions
    permission create_issue = direct_grants->create_issue + org_grants->create_issue
    permission delete_issue = direct_grants->delete_issue + org_grants->delete_issue
}

// Definition of role grants
// A role grant assigns the permissions of a role to a user or team
definition role_grant {
    relation role: role
    relation grantee: user | team#member
    permission create_issue = role->create_issue & grantee
    permission delete_issue = role->delete_issue & grantee
}

// Definition of roles
// Each role defines a set of permissions that can be granted to users or teams
definition role {
    relation create_issue: user:*
    relation delete_issue: user:*
}

Hi, does the SpiceDB API provide support for pagination when querying data. Specifically, I would like to know if the API allows clients to define a page size (i.e., the number of results per page) and a page number or offset, enabling the retrieval of paginated results.

yes, for LookupResources and ReadRelationships. Not currently for LookupSubjects or Expand

you mean the cursorsright? But you cannot set the cursor to a specific page or?

no, but you can continue and set a limit