https://authzed.com logo
Join Discord
Powered by
namespace
# spicedb
k
namespace
Hi, I am a newbie and planning to use SpiceDB for my org. We have lot of products in my org and I want to have a centralized SpiceDB cluster serving all these products. Is it possible for each product to define their own objects, relationship and permissions not conflict with other teams? something like a namespace for each product and roles, permission and relationships defined under this namespace and lookup can happen with a namespace specified?
j
is the intention that there is crossover between those products?
or that they should be fully isolated?
k
I would like to do both. Some products can crossover, and for few I want it to be isolated
j
if they are going to crossover, you'll want to use something like prefixes to specify which types belong to which products
definition myproduct/someresource { ... }
you'll need a process to combine the schemas into a single one before calling WriteSchema
but that's a good idea anyway for validation purposes
k
any docs/pointers on how this can be done? I would like each product teams to define their own schemas and maintain it
j
right now its fairly ad hoc - most users with this use case just have a process to append the team-specific schema fragments together to produce the final one that goes into source control
we're working on a proposal to make this more well-defined
the combined schema is then validated in CI/CD
k
that will be great, looking forward to it
j
also, as mentioned in the main channel
if you want fine grained control over who can check and write portions of the schema
we're developing a solution as part of the paid offering
k
interested in knowing more
j
feel free to schedule a call at https://authzed.com/contact if you'd like to discuss it (and your other questions)
PreviousNext
Powered by