Feature request: for a given subject and... SpiceDB #spicedb

Join Discord

Feature request: for a given subject and...

# spicedb

Joey

09/18/2023, 5:27 PM

https://github.com/authzed/spicedb/issues/1173

Rodolfo

09/18/2023, 5:39 PM

thank you. I have my work around for now 💪 If you need / want me to specify my use case & model, I can do it. For now it is the mixture of "Google IAM in SpiceDb" and aiding the Frontend to understand what capabilities the user has for a given Resource. That Resource (lets call it Partner or Company) ties / has a relation with all top level company resources.

Joey

09/18/2023, 5:40 PM

Please add your +1 and any usage details to the issue, if you don't mind

Joey

09/18/2023, 5:40 PM

so is this for the frontend case?

Rodolfo

09/18/2023, 5:42 PM

not exclusively, but yes. I also think we will integrate with snowflake which uses its own thing, but I will likely need to list the permissions there aswell to map it out to snowflake permissions

Rodolfo

09/18/2023, 5:46 PM

so we way we are thinking to do it is: Each permission maps out a HTTP Method + Resource (ofc

post

and

get all/list

need to stay at an aggregator resource) SInce all information belongs to a partner, such top level / aggregator is useful for permissions Inheritance

Joey

09/18/2023, 5:49 PM

so the one consideration is if we listed every permission, we'd have to issue a lot of checks to compute that

Rodolfo

09/18/2023, 6:01 PM

for my specific use case, I would have both the subject and the resource

Rodolfo

09/18/2023, 6:03 PM

so perhaps similar to the RR with a diferent output

Rodolfo

09/18/2023, 6:03 PM

and perhaps less optionals

Joey

09/18/2023, 6:13 PM

you could use BulkCheck, if you know the permissions ahead of time

Previous Next