Ingesting SpiceDB computed permissions into an OLA...
# spicedb
d
Hi - we are users (and big supporters) of SpiceDB. It currently powers the RBAC permissions in our application. We are a financial app, and have a dynamic hierarchy of what financial transactions a user can see in their organization based on permissions in SpiceDB - all built in application-level logic. We are investigating using an OLAP database to provide real-time user-facing metrics (e.g., Admin of org can see all transactions, team lead can see a subset, team member can see only their transactions but more fine-grained due to the power of SpiceDB). We are working through how to project the permissions in SpiceDB into an OLAP db. One approach is to query SpiceDB, get a list of IDs, and then query the OLAP db with those IDs. Another approach would be to clone (at some interval) the read permissions from SpiceDB into our OLAP db so we could join natively. Thoughts/ideas/"you're an idiot"/etc? Thanks in advance
v
👋 can you elaborate what "project the permissions in SpiceDB"? Do you want to store, say, the results of LookupResources for all users in the system into the OLAP db?
j
and some followup questions: 1) how large do you expect the ID list to be for a given user? 2) how much lag time is acceptable?
3) what OLAP database are you thinking of using?
d
we currently have single digit millions of entities, and 10ks of thousands of users. my initial thinking was to have a lookup in the OLAP of user_id:entity_id for all read permissions. potentially cloned every n minutes. or batched and triggered by changes. 1) a single user may have thousands of entities 2) how little lag time is possible? near real time is the ideal for many of these calculations 3) we are looking at ClickHouse, curious about Redshift, and casting about for others
alternatively, we LookupResources for a given user, and pass those entities into the OLAP for the calculations. but my gut is doing it all in OLAP is going to be more performant
@Joey @vroldanbet any thoughts with my additional details?
j
how long do your LR calls take on a per user basis right now?
d
I'm not sure - I will ask my team