03/08/2023, 6:13 PM
Hello all. First of all, fantastic project. I'm currently evaluating spiceDB and had a few questions on capabilities and the type of questions spiceDB can (should?) answer. I was looking at the google cloud IAM blog post and the corresponding playground link: Using the above schema is it possible to get answers to the following queries? Also, do these queries even make sense in SpiceDB or should it be a different system? 1. Who has access to a project? It seems, I can add a permission that aggregates all other permissions, but not sure if that's the correct approach, how well does this scale? > permission has_access = granted_spanner_databaseroles_use + granted_spanner_databases_drop + ... > zed permission lookup-subjects project:proj1 has_access user 2. What projects does user have acess to? (1 solves this, not sure if the approach is correct) 3. What roles does a user have access to in proj1? 4. Does user have roleA access in proj1? (is there a more efficient solution than the answer to 3) 5. What roles does a user have access to (all projects)? 6. What projects does a user have roleA access to? Perhaps it's a different schema all together that's needed for this, just trying to wrap my head around the system and whether it's the right one to make these types of queries