Hi everyone I am trying to set an optional relation to my us SpiceDB #spicedb

Join Discord

Hi everyone I am trying to set an optional relati...

# spicedb

prasanna

06/20/2022, 7:33 AM

Hi everyone I am trying to set an optional relation to my user but unable to do it

vroldanbet

06/20/2022, 8:11 AM

👋🏻 hi! can you expand on what you mean with "optional"? writing relationships is not mandatory and permissions in an object type can be evaluated with relations being unset.

prasanna

06/20/2022, 8:50 AM

The optional relation column in relationship

prasanna

06/20/2022, 8:50 AM

How do we really set it

prasanna

06/20/2022, 8:52 AM

prasanna

06/20/2022, 8:52 AM

vroldanbet

06/20/2022, 9:23 AM

oh, I see what you mean! It's failing because relation

writer

is of type

blog/user

, and you are trying to assign it to a

group

. If you want to write the relationship on

grouping

, you need to make

relation writer: blog/user | group

prasanna

06/20/2022, 9:24 AM

Will try

prasanna

06/20/2022, 9:24 AM

Could you ping me any documents on this

prasanna

06/20/2022, 9:24 AM

I searched all over the blog and website but could not find any

prasanna

06/20/2022, 9:25 AM

I need an explanation of how to creeate an optional relation and assign it to a resource

vroldanbet

06/20/2022, 9:27 AM

I can have a look at the docs and see if I can find any reference to this.

vroldanbet

06/20/2022, 9:28 AM

I actually misled you, and the relation should be like this:

relation writer: blog/user | blog/user#grouping

vroldanbet

06/20/2022, 9:28 AM

so it says "this relation points to

blog/user

or to the grouping relation in `blog/user`"

vroldanbet

06/20/2022, 9:40 AM

@prasanna all I could find was https://docs.authzed.com/reference/schema-lang#subrelations, which refers to it as "subrelation", whereas the playground refers to it as "optional relation". I think we need some naming consistency here cc @Joey

prasanna

06/20/2022, 11:24 AM

It’s very tough to@understand the whole concept of optional relation with this document Hope I can get more info

vroldanbet

06/20/2022, 11:25 AM

would you perhaps help me understand what you are trying to achieve?

prasanna

06/20/2022, 5:59 PM

We have a whole entitlement spice db ApI set and I am trying to understand the parameters and the spicedb terminology related to real time scenarios

Joey

06/20/2022, 6:27 PM

so the optional subject relation allows you to link one relation to another

Joey

06/20/2022, 6:27 PM

rather than to a subject "directly"

Joey

06/20/2022, 6:27 PM

a canonical example might be if you have a relation representing a role on a resource

Joey

06/20/2022, 6:27 PM

like, say:

Joey

06/20/2022, 6:27 PM

Copy code

definition user {}

definition team {
  relation direct_member: user
  permission member = direct_member
}

definition resource {
  relation viewer: user
  permission view = viewer
}

Joey

06/20/2022, 6:28 PM

now, what happens if you want to grant the

viewer

"role" to all members of a particular team?

Joey

06/20/2022, 6:28 PM

you could add each user from that team to

viewer

, but that means they are now all individually managed

Joey

06/20/2022, 6:28 PM

you could, also, have a

relation viewer_team: team

and use an arrow, but that means having two relations

Joey

06/20/2022, 6:28 PM

instead, you can do this:

Joey

06/20/2022, 6:28 PM

Copy code

definition user {}

definition team {
  relation direct_member: user
  permission member = direct_member
}

definition resource {
  relation viewer: user | team#member
  permission view = viewer
}

Joey

06/20/2022, 6:29 PM

by adding

team#member

you can write a relationship on

viewer

between the resource and any member of a team as a whole

Joey

06/20/2022, 6:29 PM

and SpiceDB will just walk to

member

to check for the users

prasanna

06/21/2022, 4:09 AM

Thanks a lot @vroldanbet and @Joey

Previous Next