10/02/2022, 4:50 PM
I see. I have to understand what caveats are. But in general anything that decreases the need to keep SpiceDB in sync with every entity that has to do with permissions would help. Keeping in sync is one of the major obstacles to adopting this technology, as there is no simple way to solve for the dual write problem. So, for example, in my current use case permissions are essentially dependent on the concept of location. Locations can be a multilevel hierarchical structure, but the rules for permissions on things (aggregates or entities) that are at a given location are pretty much the same. What matters is the location. So the sync problem for my model would simplify extremely if I could check for permission passing two contextual tuples: the user's membership to a group and the thing's location. Yes, locations, groups, roles would still need to be synced, but everything could be dynamic.