https://authzed.com logo
#spicedb
Title
# spicedb
u

_galaf

04/03/2023, 1:36 AM
Hello! I have a few questions regarding SpiceDB. My company is planning to redo the ACL system fundamentally and therefore, I've been looking for battle-tested and high performance solutions. I read the website several times, looked at all repositories and watched most (all?) of the YouTube videos regarding SpiceDB. But a lot of the documentation is about making the schema and there is very documentation about actually using and maintaining the system code-wise. First of all, our use-case would not be fine-grained, at least not at first. We generally want an all or nothing approach such as: "customer can list products", "customer can sell products", etc. In such a case, would be it acceptable to make relations such as:
product:* list user:5555
? My second question would be related to caching the permissions. Clearly SpiceDB already has some sort of caching in place but there isn't much detail about what it actually does. In our case, we would be using Spanner. Should I be assuming that you're using time-bound reads? If so, what is the default value used? (Caching would not be the appropriate keyword there but please humour me) Should the need arise, perhaps we should cache the responses on our side as well? Do you have any recommendation regarding this? My third question is about schema updates. If I were to update the schema for whatever reason, if I don't backfill the relations, the old schema would be used. But I don't see any reference to the schema in any response coming from the protobuf. How can I ensure that my current schema is actually in use? It would really suck if, after a month or two, we notice that some customers are not being verified against the current schema but some old versions.
2 Views