Datastores
# spicedb
a
Hello guys, I was checking Google Zanzibar implementations and I liked SpiceDB. I was taking a look and I was a bit confused about the concept of datastore. Does this simply mean that the only databases I can use are those listed there? So no graph DBs available, right? Also, why is MySQL discouraged?
v
Hi 👋 yeah, the only ones supported are those listed: Postgres, MySQL, Spanner and CockroachDB. Zanzibar was built on top of a relational database, and a lot of clever design choices were introduced to minimize access to the datastore. A graph datastore doesn't buy you anything in Zanzibar's design. I think the documentation discourages using MySQL because it's the only one Authzed does not have production experience with (it was contributed by GitHub). Aside from that, we are aware some companies are using it.
a
Got it, yeah, I basically arrived at a graph DB due to the design of the system I was proposing: recursive directories on user profiles. Social authorization / ReBAC, similar to Google Docs, but taking into account friendships/following-status/groups/membership and the specific permissions on the directory or parent directories. So I guess this can be done with Postgres + SpiceDB despite the recursivity of directories, right?
v
Yeah, recursion is something SpiceDB will be able to handle, but depends on the depth level. Deeply nested hierarchies may not perform great without what Zanzibar calls "leopard cache", which is a denormalization of those hierarchies to speed up requests. We at Authzed do not offer an open source implementation of Leopard, but do offer a commercial implementation as part of our managed services.
a
Btw, using PlanetScale as MySQL would probably be impossible, right?
v
Not necessarily impossible, but it may need some tweaks. GitHub's contribution had Vitess in mind (that's what powers PlanetScale), but I'm not aware of anyone that has used SpiceDB with PlanetScale.
a
I never self-hosted DBs (besides SQLite on a Raspberry Pi). I only have experience with Supabase (Ory has an implementation for this) and PlanetScale. But if I understand correctly the best option is to self-host the DB, any preferred option? (I like serverless without lock-in.) Your managed services offer only the authorization part, right? Wouldn't it make more sense to have both things very close to each other for latency? Also, what would happen if I needed to move out from your managed services at one point?
"SpiceDB will be able to handle, but depends on the depth level." Any specific level of recursion that becomes very degraded? (to design with that in mind) What does your commercial implementation offer in this regard?
j
> Wouldn't it make more sense to have both things very close to each other for latency?

the managed offerings run the datastore themselves

> Also, what would happen if I needed to move out from your managed services at one point?

you'd call `zed export` to download the data and then import it into your other SpiceDB

> Any specific level of recursion that becomes very degraded? (to design with that in mind)

we recommend no more than 10-20 levels, with a current max of 50

> What does your commercial implementation offer in this regard?

https://authzed.com/docs/authzed/guides/picking-a-product
a
> the managed offerings run the datastore themselves

What do you mean by that? Confusing wording, you mean that managed offerings come with a database?
j
yes
we run the datastore behind the scenes