https://authzed.com logo
Modeling Google Cloud IAM in SpiceDB
s

shark

05/02/2023, 11:46 AM
IAM modeling(https://authzed.com/blog/google-cloud-iam-modeling) is a good write-up to understand user-defined roles but one thing I am a little puzzled is how I can introduce machine users/api key kind of entity in this. I guess
apikey {}
would be a different entity like
user {}
? If it is, should we support everywhere
apikey{}
as well where the user was checked? Like in role we will do
user:* | apikey:*
and in binding
apikey & role->somerel
? Or there is a better alternate?
Rough draft for what I am trying to build https://play.authzed.com/s/FDVGp129UIpF/schema