spicedb icon indicating copy to clipboard operation
spicedb copied to clipboard

Published 20 hours ago verified publisher icon authzed

GC of relationships expired via caveats

Open jhalleeupgrade opened this issue 2 years ago • 2 comments

With the caveats implementation now available, we have the option to support TTL on relationships by doing something like follows:

  caveat is_not_expired(current_time timestamp, expiration timestamp) {
    current_time < expiration
  }

  definition document {
    relation viewer: user with is_not_expired
    permission view = viewer
  }

(example took from here https://github.com/authzed/spicedb/issues/282#issuecomment-1478314417)

Some use-cases might require using SpiceDB to store solely "session related" permissions (ephemeral). This would cause having a datastore that grows rapidly in size. It would be nice to support some kind of GC to prevent having an ever growing datastore containing relationships that are technically "expired".

jhalleeupgrade avatar Apr 12 '23 18:04 jhalleeupgrade

Is there any progress on implementing this feature?

reza-ebrahimi avatar Jan 20 '24 13:01 reza-ebrahimi

Is there any progress on implementing this feature?

Not currently. Still in the design phase.

josephschorr avatar Jan 20 '24 18:01 josephschorr