https://github.com/authzed/spicedb/issues/207, but...
# spicedbj
Joey
04/19/2023, 8:42 PMhttps://github.com/authzed/spicedb/issues/207, but what question, exactly, are you trying to answer?
f
Francisco Correia
04/19/2023, 9:33 PMWhich objects does user X have access to? Where user X could be part of an admin group which has access to a lot objects or just a normal user which has access to few. I've read many messages about pre and post filtering and even some about multiple API calls where the first query is used check what groups the user has access (less granular access check) to and then if that fails (no group access) doing a full lookup.
Francisco Correia
04/19/2023, 9:35 PMBut there has been much detail. Are there any resources around similar use cases and how they've been solved before?
j
Joey
04/20/2023, 3:18 AMthat issue covers the current line of thinking
u
_mrk__
04/21/2023, 7:05 PM@Joey what is current status of the above #207 issue? In my company we are just evaluating different FGA services for our upcoming project and ability for
fast ACL-aware filteringj
Joey
04/21/2023, 7:06 PMstill in the exploration phase
u
_mrk__
04/21/2023, 7:10 PMI see some parts of your proposal are already implemented, like LookupSubjectsRequest.
ReachableResourcesRequest is still missing, right?
_mrk__
04/21/2023, 7:11 PMI guess having ReachableResourcesRequest it should be possible to convert stream of tuple changes to user-permission index
_mrk__
04/21/2023, 7:12 PM(even without this Tiger caching)
j
Joey
04/21/2023, 7:12 PMReachableResources is part of LookupResources
Joey
04/21/2023, 7:12 PMLookupResources being the current API that returned the accessible resources
3 Views