# spicedb
k
Hi all, I am trying to self-host SpiceDB for implementing an access management framework in my system. Can anyone please tell me whether there are APIs/mechanisms through which I could update my relationship schema based on user input? For example, my system will ask a user to give restricted access to some resources/modules to his subordinate (a new user he is adding) based on his/her requirements, so is there a way through which I could update the relation schema and restrict the module's access for that newly added user only? Thanks in advance.
p
Are the resources pre-defined or are those going to be defined by the user as well? If the former, maybe this would be useful - https://authzed.com/blog/user-defined-roles. If the latter, you could use `WriteSchema` in your API after converting some data from the API call into SpiceDB's schema DSL, but I'm not sure if there would be any implications there.
k
Resources will be pre-defined; only the permissions to them (view/edit) will be defined by the user. Thanks a lot for these links, will go through them :)
One more thing I needed help with: my system will have REST APIs but SpiceDB understands gRPC. I got to know that through the gRPC gateway I can make my REST API interact with the SpiceDB schema, but can you please help me out with some tutorial links for this, along with some reference on how to self-host SpiceDB? I could only find Authzed blogs on the same and needed some more references... Thanks in advance.
Basically, I needed some detailed references on how to self-host & maintain SpiceDB.
v
Hi 👋🏻 just to be clear, we should distinguish between making user input change the schema vs change the relationships in that schema. The analogy would be the same as letting user input change a SQL schema (i.e. DDL statements like `ALTER TABLE`) versus letting user input change the data in that schema (i.e. DML statements like `INSERT ROW`). We recommend defining a schema upfront that captures all your business domain and then calling the SpiceDB API to essentially do relationship CRUD with the `ReadRelationships`, `WriteRelationships` and `DeleteRelationships` API methods. The suggestion from @perseus29 above is a good place to start with an RBAC model. And as he indicated, letting user input change the schema via `WriteSchema` is possible, but those are expensive operations. Unless strictly necessary in your model, I'd advise against that. SpiceDB exposes a REST Gateway. You can try our newly built Postman Workspace: https://www.postman.com/authzed/workspace/spicedb/overview. In our docs we have a section for installing and configuring SpiceDB: https://authzed.com/docs/spicedb/installing. For self-hosting SpiceDB we recommend using Kubernetes and the spicedb-operator, which automates configuring the cluster and running the datastore migrations for you: https://github.com/authzed/spicedb-operator.