https://authzed.com logo
Title
m

mgagliardo

02/28/2023, 5:06 PM
sure - basically, with SpiceDB we can almost always maintain the permission request to the scope of the entity and rely on the graph to resolve it, i.e. updating
ParentEntity
only really requires knowing about
ParentEntity
. But lets say in order to create a
ChildEntity
, which is a child of
ParentEntity
, it requires
write
permission on the specific
ParentEntity
. This puts a requirement that creating a specific
ChildEntity
would have to know that it needs to check permission on the parent
ParentEntity
first. Its not a difficult thing to do, but the simplicity of having dynamic permission checks only have to care about the entity its modifying is really convenient. I didn't know if there was some creative way to keep the logic encapsulated for creation as well