https://authzed.com logo
Title
b

bala

02/27/2023, 2:11 PM
User needs to be part of specific N groups.(Sorry for the late response)
Can we somehow use caveats to solve this, I am kind of stuck with this.
p

pdow

02/28/2023, 12:53 PM
Sounds like this might be another use-case for this proposal: https://github.com/authzed/spicedb/issues/597
b

bala

02/28/2023, 1:05 PM
cool, should solve this problem. Is there any roadmap for this ?
p

pdow

02/28/2023, 1:06 PM
Or, if N is constant, you could define N static relationships and then do an intersection of them `relation link_1: some_resource_type`and then do
permission allowed = link_1 & link_2 & link_3
etc.
I'd like to know myself, we've had a use-case for this for a long time but had to end up implementing it in our own middleware (just doing multiple permission checks and requiring them all to pass)
b

bala

02/28/2023, 1:08 PM
yea I was able to do that way, but in our case N is not static. https://discord.com/channels/844600078504951838/844600078948630559/1078323834094108692
Then did you implement caching in the middleware as well, also reverse indexing could have potential performance problems ?
p

pdow

02/28/2023, 1:11 PM
We just do the checks all in parallel, for our use-case the performance is good enough without extra caching etc.
And we don't need to enumerate resources for this, just check specific ones. Enumerations would be much harder