I'm using Spice Db for evaluation purposes, so far so good, it seems to be a great product.
I have 2 classic use cases remaining in my micro-service environment (most micro-services will have this kind of usage), and I'm not sure how to handle them with spiceDb (my knowledge is quite limited atm 😦 ).
The first one is when I need to return a list of data.
When I don't have any authorization check, I just execute a select statement with a where clause and voila.
But now, I'll need to return only the data where the user has 'read' permission.
There will be at the very least 150.000 objects in the database.
This is the same as the issue https://github.com/authzed/spicedb/issues/280
Pre and post filtering are a no-go with 150.000 objects.
The only solution remaining AFAIK is duplicating the permission data from spicedb to the microservices database.
And from what I understand, the clean solution would be to wait for https://github.com/authzed/spicedb/issues/207:
I'll then need to call the Lookup Watch API to be notified of any changes to any users permissions
And then do a RoaringLookup to copy the roaring bitmap permissions into my micro-serevice database.
I'll be able then to issue a select on my application data with a join on the permission local table.
Is that right or is there a cleaner way to solve this issue?