Modeling Google Cloud IAM in SpiceDB


05/02/2023, 11:46 AM
IAM modeling( is a good write-up to understand user-defined roles but one thing I am a little puzzled is how I can introduce machine users/api key kind of entity in this. I guess
apikey {}
would be a different entity like
user {}
? If it is, should we support everywhere
as well where the user was checked? Like in role we will do
user:* | apikey:*
and in binding
apikey & role->somerel
? Or there is a better alternate?
Rough draft for what I am trying to build