Schema Language SpiceDB #spicedb

Schema Language

theconductor

05/23/2024, 6:55 PM

Could someone help me clarify this statement under this section of the docs? - https://authzed.com/docs/spicedb/concepts/schema#--arrow > It is recommended that the right side of all arrows refer to permissions, instead of relations, as this allows for easy nested computation, and is more readable. I'll put the docs example in 🧵

theconductor

05/23/2024, 6:57 PM

Copy code

definition user {}
 
definition folder {
    relation reader: user
    permission read = reader
}
 
definition document {
    relation parent_folder: folder
    relation reader: user
 
    /**
     * read defines whether a user can read the document
     */
    permission read = reader + parent_folder->read
}

In this case, for the very last permission, why was it better to do

parent_folder->read

instead of

parent_folder->reader

theconductor

05/23/2024, 6:58 PM

Specifically wondering about the "easy nested computation" part

Joey

05/23/2024, 7:07 PM

because imagine if you then wanted to have the folder's

read

to reflect two roles

Joey

05/23/2024, 7:07 PM

you'd have to change all the arrows pointing to it

Joey

05/23/2024, 7:07 PM

vs if you do

permission read = reader

Joey

05/23/2024, 7:07 PM

you can just edit that permission and all the arrows continue working

theconductor

05/23/2024, 8:06 PM

ahhh that makes sense, so it's something that helps me as a dev, not that it helps spicedb enforce permissions faster or something

Joey

05/23/2024, 8:07 PM

Joey

05/23/2024, 8:07 PM

SpiceDB will optimize it regardless

Joey

05/23/2024, 8:07 PM

it will see

read = reader

and alias over to

reader

5 Views

Previous Next