dguhr-rh
02/01/2023, 10:43 PMdelete
of a subject, say, user:user1
with the least possible api requests. Say, an employee quits and I want to delete all of their access data stored in SpiceDB. When I understand the DeleteRelationshipRequest
structure right, it's not possible to tell it "delete every relationship you can find that has user:user1 inside", so only make one call. Is that right, or am I missing something? Having to define a resource_type
in the request limits it a bit for that case, though i could imagine a potential impact on performance if not set.Jake
02/01/2023, 10:55 PMdguhr-rh
02/01/2023, 10:56 PMJake
02/01/2023, 10:57 PMactive
that points to itself, and that have all of your permissions computations require active usersdguhr-rh
02/01/2023, 10:58 PMJake
02/01/2023, 10:58 PMdguhr-rh
02/01/2023, 11:03 PMresource_type:*
or a similar approach would be possible, but then again the way it would work now, if I understand it right, would be:
1) Know all the Objects and possible relationships of the subject beforehand
2) call LookupResources for that specific User on all of them
3) make a bunch of DeleteRelationshipRequests
Also sounds costly to me, and also complicated, so thought there might be a nicer way to achieve this 🙂vroldanbet
02/02/2023, 9:19 AMdguhr-rh
02/02/2023, 10:11 AM"delete resource * relation <relation> for subject <subject>
and also delete relation * on resource <resource> for subject <subject>
) - and also https://github.com/authzed/spicedb/issues/887 - i think it needs some well formed thoughts before creating another issue 🙂