Which objects does user X have access to? Where user X could be part of an admin group which has access to a lot objects or just a normal user which has access to few. I've read many messages about pre and post filtering and even some about multiple API calls where the first query is used check what groups the user has access (less granular access check) to and then if that fails (no group access) doing a full lookup.
But there has been much detail. Are there any resources around similar use cases and how they've been solved before?
04/20/2023, 3:18 AM
that issue covers the current line of thinking
04/21/2023, 7:05 PM
@Joey what is current status of the above #207 issue? In my company we are just evaluating different FGA services for our upcoming project and ability for
fast ACL-aware filtering
is really important for us
04/21/2023, 7:06 PM
still in the exploration phase
04/21/2023, 7:10 PM
I see some parts of your proposal are already implemented, like LookupSubjectsRequest.
ReachableResourcesRequest is still missing, right?
I guess having ReachableResourcesRequest it should be possible to convert stream of tuple changes to user-permission index
(even without this Tiger caching)
04/21/2023, 7:12 PM
ReachableResources is part of LookupResources
LookupResources being the current API that returned the accessible resources