celrenheit
11/09/2022, 1:19 PMapikeyA can access:
REST api (all sub-features)
GRPC api (just subset)
feature foo
feature bar
apikeyB can access:
REST api (just a subset)
baz
GRPC api (all)
How would you model something like this using spicedb/zanzibar ?vroldanbet
11/09/2022, 1:23 PMdefinition Key {
}
definition API {
relation featureA: Key
relation featureB: Key
relation allFeatures: Key
permission canAllFeatures: allFeatures + (feature & featureB)
permission canFeatureA: canAllFeatures + featureA
permission canFeatureB: canAllFeatures + featureB
}
celrenheit
11/09/2022, 1:28 PMAPI/Rest#featureA@Key:123
means apikey 123
has access to featureA
in the Rest
api, right ?vroldanbet
11/09/2022, 4:02 PMAPI:Rest#featureA@Key:123
celrenheit
11/09/2022, 4:18 PM