https://authzed.com logo
Join Discord
Powered by
ReadPermissions rpc
# spicedb
b
Hi everyone Is there a way I can answer the question "what permissions does subject X have on object Y?". Do you plan adding something like ReadPermissions rpc?
@yetitwo I wanna have an API that replies with a list of permissions that a user has on the document. 
BulkCheckPermissions
doesn't fit my use case because the caller needs to know all the possible permissions on the definition in order to use it. My SpiceDB schema might change in the future and I don't feel comfortable hardcoding schema-related stuff on the client side.
y
how else are you going to do it?
the schema defines your contract
if the permissions change, the client can't make use of that information without making code changes
we're having this same conversation at my company right now and the conclusion i've arrived at is that even if this API existed, it wouldn't win you much
b
The client which only sends 
CheckPermission
requests indeed should know the permissions beforehand. However, my use case is a bit different. Imagine an admin dashboard, I want to display to the administrator not only relations between the user and the document, I want my admin to see what those relations actually mean. E.g. I can tell that user X is a manager in a group Y. But "manager" is a bit vague. Can "manager" delete members from the group? I want to be able to answer such questions.
For some reason there already exists an API 
ReadRelationships
. 
ReadPermissions
rpc shouldn't be very hard to implement, given that SpiceDB already knows the schema.
j
Reflection APIs provide this info
They just released
Call it to get the list of possible permissions and then use them in Check bulk
Note that this won’t scale after a certain point and that hard coding permissions is better
But if you expect it to remain small, reflection will work
b
thanks! Definitely gonna take a look
16 Views
PreviousNext
Powered by