vroldanbet
02/09/2023, 4:46 PMDharsanB
02/09/2023, 5:45 PMDharsanB
02/09/2023, 5:45 PMJoey
02/09/2023, 6:00 PMResp
. If you want a good example of using the go lib, the zed
client source code is a good place: https://github.com/authzed/zed/blob/main/internal/commands/relationship.go#L222DharsanB
02/09/2023, 6:01 PMDharsanB
02/09/2023, 6:20 PMfierro
02/09/2023, 6:46 PMfierro
02/09/2023, 7:08 PMrole_binding:jake_is_reader#user@user:jake
role_binding:jake_is_reader#user@user:mitch
is the concrete example of the role_binding
model failing to enforce that "single principle for a role binding" constraint (even though you can still achieve the same outcome by binding users to roles, as in GCP, via individual role binding relations per user lol)Jake
02/09/2023, 7:34 PMfierro
02/09/2023, 7:57 PMdguhr-rh
02/09/2023, 8:02 PMfierro
02/09/2023, 8:05 PMRelations define how objects can relate to other objects. Permissions are how we interpret relations to make access control decisions
So seems like thinking of permissions as a projection of relationships isn't far off.dguhr-rh
02/09/2023, 8:35 PMfierro
02/09/2023, 11:28 PMJake
02/09/2023, 11:39 PMsoap_work
02/10/2023, 12:07 AMJoey
02/10/2023, 2:50 AMJoey
02/10/2023, 2:50 AMSjaak
02/10/2023, 5:07 AMJoey
02/10/2023, 6:00 AMJoey
02/10/2023, 6:01 AMJoey
02/10/2023, 6:01 AMdeleted_xid
is the transaction ID of when the relationship was deleted; it will be a non-max-int if the relationship was deletedJoey
02/10/2023, 6:02 AMSjaak
02/10/2023, 6:02 AMJoey
02/10/2023, 6:03 AMJoey
02/10/2023, 6:04 AMSjaak
02/10/2023, 6:04 AMJoey
02/10/2023, 6:04 AMJoey
02/10/2023, 6:04 AMJoey
02/10/2023, 6:04 AM