10/03/2021, 5:43 PM
in general, we draw a distinction between "dynamic" decisions (IP, time of day, etc) and "structural" decisions: the former is a just-in-time decision, while the latter is a permission. If the data the decision is being made upon is truly dynamic, the recommendation at the moment is to use code or a policy engine (like OPA) to make the decision, while having said code or engine call Authzed/SpiceDB to retrieve the permission. We have an experimental integration with OPA in zed here: Alternatively, if the data is updated on a periodic basis or based on a user action, then you can write said data into SpiceDB as a relationship, and
it from there. For example, a valid IP address could be written for a user, and then a user's permission could only succeed if that IP address `check`s