https://authzed.com logo
https github com authzed spicedb issues
j

Joey

04/19/2023, 8:42 PM
https://github.com/authzed/spicedb/issues/207, but what question, exactly, are you trying to answer?
f

Francisco Correia

04/19/2023, 9:33 PM
Which objects does user X have access to? Where user X could be part of an admin group which has access to a lot objects or just a normal user which has access to few. I've read many messages about pre and post filtering and even some about multiple API calls where the first query is used check what groups the user has access (less granular access check) to and then if that fails (no group access) doing a full lookup.
But there has been much detail. Are there any resources around similar use cases and how they've been solved before?
j

Joey

04/20/2023, 3:18 AM
that issue covers the current line of thinking
m

mrk

04/21/2023, 7:05 PM
@Joey what is current status of the above #207 issue? In my company we are just evaluating different FGA services for our upcoming project and ability for
fast ACL-aware filtering
is really important for us
j

Joey

04/21/2023, 7:06 PM
still in the exploration phase
m

mrk

04/21/2023, 7:10 PM
I see some parts of your proposal are already implemented, like LookupSubjectsRequest. ReachableResourcesRequest is still missing, right?
I guess having ReachableResourcesRequest it should be possible to convert stream of tuple changes to user-permission index
(even without this Tiger caching)
j

Joey

04/21/2023, 7:12 PM
ReachableResources is part of LookupResources
LookupResources being the current API that returned the accessible resources