Hi! I have a question about the
# spicedbt
torben_26072
02/20/2024, 11:53 AMHi! I have a question about the performance of LookupResources. We're currently designing a new system with different microservices and had the idea to model and store the relations between objects only in SpiceDB. That way none of the services would have to have knowledge about the relations or permission logic. That would mean if someone opens a web interface and we want to show him every resource of a type (e.g. "document") he has access to and can edit we would have to query all of those objects from SpiceDB before showing them. Would that be possible or would LookupResources be a performance bottleneck if we have thousands (or millions) of users? (I have to admit that I don't have any experience with gRPC streaming.)
v
vroldanbet
02/20/2024, 12:14 PMLookupResourcest
torben_26072
02/20/2024, 12:45 PMThank you for your answer!
To use cursoring you would have to define the "optional_limit" and then you could continue with the "after_result_cursor" from the result until you have the complete list of resources?
If a user had let's say 100 or 1000 documents, would using cursoring for retrieving their IDs via LookupResources make sense? The set itself should not need a huge amount of memory, because it's just some IDs with some additional infos?
torben_26072
02/20/2024, 3:23 PMI did some testing with this schema and SpiceDB running in Docker: https://play.authzed.com/s/NVTEhOOCjAPS/schema
I assigned 1,000 "knowledgebases" with relation "kb_org" to "org1". And I assigned "user1" with relation "member" to "org1".
LookupResources for type "knowledgebase", permission "view" and subject "user1" took ~50 ms.
Then I created 99,000 "knowledgebases" assigned to "org2". And did LookupResources for "user1" (who is not assigned to "org2") again and it took ~70 ms.
I did the same test with 999,000 "knowledgebases" assigned to "org2" which increased the duration of the query (which is still returning the same 1,000 "knowledgebases") to ~350 ms.
Is this the expected behavior?
v
vroldanbet
02/20/2024, 3:24 PM>To use cursoring you would have to define the "optional_limit" and then you could continue with the "after_result_cursor" from the result until you have the complete list of resources?
correct
>If a user had let's say 100 or 1000 documents, would using cursoring for retrieving their IDs via LookupResources make sense? The set itself should not need a huge amount of memory, because it's just some IDs with some additional infos?
1K elements should be fine without cursors, as long as you are able to guarantee that from the application side. The moment that size grows, it would be eagerly loading a bunch of stuff in memory. And unfortunately there is a bunch of tracking happening in runtime so it requires some memory.
vroldanbet
02/20/2024, 3:28 PM>Is this the expected behavior?
are you using the memory datastore?
t
torben_26072
02/20/2024, 3:42 PMI have to admit I'm not sure what I'm using. I'm using the Docker image pulled with
docker pull authzed/spicedb Copy code
docker run \
--name spicedb-testing \
-p 50051:50051 \
authzed/spicedb \
serve-testingv
vroldanbet
02/20/2024, 3:44 PMIf you are using
serve-testingt
torben_26072
02/20/2024, 4:15 PMI'll take a look at the performance with Postgres 👍
torben_26072
02/20/2024, 6:11 PMPerformance with Postgres is a lot better.
> I did the same test with 999,000 "knowledgebases" assigned to "org2" which increased the duration of the query (which is still returning the same 1,000 "knowledgebases") to ~350 ms.
With Postgres this is now down to ~50-70 ms. 👍
v
vroldanbet
02/20/2024, 6:33 PM👍
9 Views