SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

this page shows an example <@1003626257889636472> https://authzed.com/docs/reference/caveats#schema

thanks <@353833258946920448> - jftr: i am particularly interested if we have access to actual values from the input request, like OPA does for example... here's an actual example where I think caveats could be a way to go to model these attribute filters: https://github.com/RedHatInsights/playbook-dispatcher#authorization 

(i know you could also model the whole intent otherwise, but let's just assume I want to use caveats for this).

oh i see, one would need to fill the actual CheckPermissions request with a `Context` field when I see this correctly 🙂

Correct, caveat context is provided as part of `CheckPermissionRequest`, `LookupResourcesRequest` and `LookupSubjectsRequest`

it's based on `structpb` package with google, which allows us to define maps to be provided on request time

yep, understood. great to know that you thought of lookupresources and lookupsubjects, too, as that might enable what I have in my mind. Will come up with an example of the use case above shortly i hope 🙂