# spicedb
j
Hi all, i was wondering about how the upcoming Authzed Materialize works in cases like chat apps or activity tracking. My thought was to use it and then slap a Postgres RLS policy on all my app tables that enforces access control, however a few tables like a chat and the activity events are readable by a lot of users and have themselves lots of entries. Authz requests can easily be settled with one relation hop for e.g. chat groups but from what i have gathered not stored in materialized. What would be a good way to not store millions of rows of extra data while allowing the basic principle of RLS to work? (Our app would greatly benefit from materialized for 95% of all entities, the other 5% would make up most of the rows stored)
y
how are you thinking you'd use postgres-level RLS? the typical usage of SpiceDB would be instead of RLS. materialize lets you choose which permissions (and therefore which entities) are precomputed. if you use it in accelerated query mode, subproblems that can be dispatched to materialize get dispatched to materialize, and those that can't get evaluated normally by SpiceDB.
j
the thought was: storing the materialized entries in a pg table and then having one RLS rule for all tables that checks there. but i only have the info from the basically not yet existing docs, maybe i'm misunderstanding something
y
here's an interactive example of the data that you'd get from WatchPermissionSets from Materialize and how you might write the DB queries: https://dbfiddle.uk/dX10Cu3Z
i'm not sure the RLS model fits super well with what materialize is doing
because it seems like you'd need to reimplement some part of your schema in the RLS definitions
and you're typically only going to compute some subset of your permissions in materialize, which would mean that not every permission is available to RLS