IAM modeling(https://authzed.com/blog/google-cloud...
# spicedb
IAM modeling(https://authzed.com/blog/google-cloud-iam-modeling) is a good write-up to understand user-defined roles but one thing I am a little puzzled is how I can introduce machine users/api key kind of entity in this. I guess
apikey {}
would be a different entity like
user {}
? If it is, should we support everywhere
as well where the user was checked? Like in role we will do
user:* | apikey:*
and in binding
apikey & role->somerel
? Or there is a better alternate?
Rough draft for what I am trying to build https://play.authzed.com/s/FDVGp129UIpF/schema