https://authzed.com logo
We had a usage question is it possible
w

wolfv

05/05/2023, 6:39 AM
We had a usage question: is it possible to list / search many objects from a database and filter based on authorization? Like suppose I have hundreds of documents and want the user to be able to search only in the ones that belong to him, we're currently wondering how one would implement that best with something like SpiceDB? If all data was stored in a traditional DB, then one could just JOIN the relevant permissions table and filter based on that, but we currently don't see how that would be done with SpiceDB, for example.
v

vroldanbet

05/05/2023, 9:23 AM
1. if the number of elements to authorize is relatively low, you can use
LookupResources
and join with your database using
IN
clauses 2. the upcoming paginated
LookupResources
would allow you to fetch pages of authorize resources, which you can use to paginate your application UI, assuming you don't need specific ordering and are fine with the order coming from SpiceDB (which is deterministic) 3. if none of the above works, then the large-scale solution we have in mind is denormalizing the results of
LookupResources
closer to your application database using
LookupWatch
, see https://github.com/authzed/spicedb/issues/207
w

wolfv

05/05/2023, 1:51 PM
@voldemort02 thanks for the speedy and informative reply! Sounds like we understood it correctly then that it is a bit more tricky 🙂 I really like the way the spice permission model and everything looks. We'll hopefully come back to this when we reach the right scale