https://authzed.com logo
Greetings fellow members of the Spiced
j

Joshua1860

05/23/2023, 10:09 AM
Greetings, fellow members of the Spiced community! 👋 I hope you're all doing well. I'm currently encountering an issue and I'm seeking some guidance. I'm working on a business case that requires tenant isolation. Specifically, the API should only retrieve entities that are associated with the tenant of the current user. Traditionally, we would add a "tenant_id" field to the entity table and build an index around it. However, this approach doesn't allow us to incorporate additional access control beyond the tenant constraint. I've noticed that AuthZed offers a LookupResources API, which returns a list of entity IDs accessible to the current user. My plan is to create a search API based on this functionality. However, the problem is that the necessary filtering fields don't exist in spiceDB, and there's no straightforward way to implement pagination. The best solution I could come up with is to handle the filtering via access control using LookupResources, apply separate business logic-based filtering, and handle pagination in memory. However, I'm concerned about potential performance issues if the number of IDs returned by LookupResources is substantial. I would greatly appreciate any suggestions or insights you may have regarding a better solution to address this issue. Thank you in advance for your time and assistance. Best regards
v

vroldanbet

05/23/2023, 10:14 AM
👋🏻 - There is no way right now to filter
LookupResources
results based on subsets of the graph. See https://github.com/authzed/spicedb/issues/1317 and feel free to chime in with your requirements -
LookupResources
pagination landed yesterday and should be released in SpiceDB 1.22, see https://github.com/authzed/spicedb/pull/1296