https://authzed.com logo
Join Discord
Powered by
# spicedb
  • e

    ensonic

    07/07/2025, 5:50 PM
    There was a formatting error (used
    :
    instead of
    =
    in a relations) , but not line nr on the error, which is fun on a long file
  • y

    yetitwo

    07/07/2025, 5:52 PM
    ahhh yeah that's not ideal. we're dropping that context somewhere. i'll add an issue to the repo.
  • y

    yetitwo

    07/07/2025, 6:18 PM
    clarification: is this with the
    schema:
    key or with the
    schemaFile:
    key?
  • y

    yetitwo

    07/07/2025, 6:18 PM
    https://github.com/authzed/zed/issues/529
  • e

    ensonic

    07/07/2025, 6:43 PM
    I'll add the example tomorrow when I am back at work
  • y

    yetitwo

    07/07/2025, 7:18 PM
    thank you!
  • Hello All , I am tring to WATCH spicedb
    a

    Arvind

    07/08/2025, 6:14 AM
    Hello All , I am tring to WATCH spicedb using java authz api version 1.3 , using streaming .. when I connect to local spicedb works which is over http but when I connect to devbox exposed over ssl its not getting data , I check server cert and imported to application but still its failing , i can see TLS1.3 is used and hanshake is success
    y
    • 2
    • 1
  • Hello Guys.
    r

    Rodolfo

    07/08/2025, 1:13 PM
    Hello Guys. I have a slight problem in production where my pods are restarting due to a` invalid memory address or nil pointer dereference` 🧵
    y
    m
    • 3
    • 26
  • d

    DominikGuhr

    07/09/2025, 10:26 AM
    Hey folks. A rather broad question: Is there any effort ongoing to help openID authZEN or to support the implementers draft? Context: I've just checked out

    https://www.youtube.com/watch?v=MTAXC0ZaXcE▾

    and found it very fitting, esp. with the bulk calls they add in draft 1.1
  • d

    DominikGuhr

    07/09/2025, 11:59 AM
    nvm, just found https://discord.com/channels/844600078504951838/900405749405089812/1359904145422815323 - let's put it that way: I understand the "little traction" argument, but i'd love an open standard and customers should, too 😉
  • n

    nemosupremo

    07/11/2025, 1:59 AM
    Hi, I am on a very old version of spicedb (1.13) + mysql8. I'm trying to figure out what i need to do to upgade, but it seems like the only way is checking all the github releases? Basically I want to know if I can just upgrade to the latest and migrate, or are there any major "stepping stones" I need to upgrade to first?
  • j

    Joey

    07/11/2025, 2:19 AM
    are you using any of the experimental APIs or the old V0 API?
  • n

    nemosupremo

    07/11/2025, 2:20 AM
    github.com/authzed/authzed-go/proto/authzed/api/v0
    is the v0 api? we aren't using it
  • n

    nemosupremo

    07/11/2025, 2:20 AM
    and no experimental apis
  • j

    Joey

    07/11/2025, 2:22 AM
    then it should be safe, minus some flags that we've removed. I'd recommend backing up your datastore entirely, then trying the migration on a copy
  • j

    Joey

    07/11/2025, 2:22 AM
    if that works without issues, then upgrade the real install
  • zed/internal/cmd/import.go at main · aut...
    e

    ensonic

    07/14/2025, 12:51 PM
    Hey, on service startup we import the schema into spicedb, this has been working great for a long time, but all of a sudden today we get error like `failed to write schema: rpc error: code = InvalidArgument desc = cannot delete object definition
    group
    , as a relationship exists under it`. The code is basically doing the same as
    zed import
    (https://github.com/authzed/zed/blob/main/internal/cmd/import.go#L109C6-L109C18).We sporadically saw this error in the logs, but today it just happens on every start of the service. The error is always
    cannot delete object definition
    with with a seemingly random type. We're a bit behind with updates (1.33.1). Any idea why the system believe we want to update an object definiton? The schema has all the definitons as before, so far we only ever added things
    y
    • 2
    • 7
  • n

    nemosupremo

    07/14/2025, 2:55 PM
    On the latest version of spicedb I'm seeing (with mysql): "unable to query relationships: scan err: sql: Scan error on column index 3, name \"caveat_context\": unsupported type: []uint8"
  • Spicedb 1.45.1, MySQL 8.0.40
    n

    nemosupremo

    07/14/2025, 3:00 PM
    Spicedb 1.45.1, MySQL 8.0.40
    y
    • 2
    • 3
  • n

    nemosupremo

    07/14/2025, 3:07 PM
    https://github.com/authzed/spicedb/issues/2500
  • y

    yaroslavb

    07/14/2025, 4:43 PM
    Good morning. Can anyone tell what I am doing wrong? I can't seem to write this relationship using the Java API. I am getting this error. Nevermind. I was looking at the wrong block of code. This works as expected 👍 "INVALID_ARGUMENT: subjects of type
    organization_usergroup
    are not allowed on relation `environment#accessor`; did you mean
    organization_usergroup#member
    ?""
    Copy code
    yaml
    defintion solution {
      relation launcher: user | organization_usergroup#member
    }
    Copy code
    java
    WriteRelationshipsRequest request = WriteRelationshipsRequest.newBuilder()
                    .addUpdates(RelationshipUpdate.newBuilder()
                            .setOperation(RelationshipUpdate.Operation.OPERATION_TOUCH)
                            .setRelationship(Relationship.newBuilder()
                                    .setResource(ObjectReference.newBuilder()
                                            .setObjectType("solution")
                                            .setObjectId(solutionId)
                                    .setRelation("launcher")
                                    .setSubject(SubjectReference.newBuilder()
                                            .setObject(ObjectReference.newBuilder()
                                                    .setObjectType("organization_usergroup")
                                                    .setObjectId(targetUserGroupId))
                                            .setOptionalRelation("member"))))
                    .build();
  • Hi, I want to integrate spicedb with
    b

    Bharat

    07/14/2025, 5:11 PM
    Hi, I want to integrate spicedb with Istio service mesh for Authorization. I believe web assembly could help me . Does anyone have any suggestions or GitHub link for the same.
    y
    • 2
    • 17
  • To avoid exceeding our database’s
    g

    George Tsopouridis

    07/15/2025, 6:45 AM
    To avoid exceeding our database’s connection limit (RDS Postgres with 1.6K max connections), we apply this pattern at the moment -> replicas (number of SpiceDB pods) × (readMaxOpen + writeMaxOpen) ≤ db.max_connections – headroom. When having a RDS proxy in front of the database, do you have any suggestions on how to configure properly the readMaxOpen and writeMaxOpen connections on SpiceDB level? Should the logic remain the same? Thanks in advance.
    y
    • 2
    • 9
  • b

    Benedikt (Flowers-Software)

    07/16/2025, 11:31 AM
    Hey, i understand the general recommendation is to save zookies or zedtokens on the row level. Given a schema like this:
    Copy code
    definition user {}
    
    definition team {
        relation member: user
    }
    
    definition folder {
        
        relation admin: user | team#member
        permission create_file = admin
    }
    
    definition file {
        relation parent: folder
        relation editor: user | team#member
        permission edit = parent->create_file + editor
    }
    can i save the zedtokens on the file level? Will it handle changes to the folder#admin relation / team#member relation?
  • y

    yetitwo

    07/16/2025, 4:15 PM
    the idea is that when you change the contents of a file or its relationships (e.g. moving it from one folder to another), you get a zedtoken and then save it on your DB representation of the file
  • y

    yetitwo

    07/16/2025, 4:15 PM
    we typically phrase the new enemy problem as whether someone is able to see updates to a file that have happened since they lost access
  • y

    yetitwo

    07/16/2025, 4:16 PM
    so you check on the file when the user attempts to access the file's contents
  • y

    yetitwo

    07/16/2025, 4:16 PM
    and otherwise you don't worry about changes to other parts of the tree
  • y

    yetitwo

    07/16/2025, 4:17 PM
    like if a user loses access to a file but that file still comes back in a LookupResources request, that's not necessarily a problem because they don't have any new information about the file
  • Is lookupresources computed in realtime
    c

    cyborg

    07/17/2025, 8:39 AM
    Is lookupresources computed in realtime or does it use a cache? My problem is, i have a user that has to load multiple list endpoints on page load. All of these list endpoints call lookupresources with the same parameters and it seems that they slow eachother down. The call returns ~1000 ids. What would be the best way to handle this?
    y
    • 2
    • 2