spicedb icon indicating copy to clipboard operation
spicedb copied to clipboard

Published 20 hours ago verified publisher icon authzed

[enhance] Add Constant support for permission or ObjectId

Open pathing opened this issue 3 years ago • 4 comments

such as:

definition role{ permission admin_pages = "UserManagement" + "ProductManagement" + "OrderManagement" permission pmc_pages = "ProductManagement" + "OrderManagement" }

and, role:1#admin_pages: ["UserManagement", "ProductManagement", "OrderManagement" ]

or Whether the current version achieve the above requirements

pathing avatar Sep 30 '22 09:09 pathing

@pathing I'm not sure I fully grasp the request but it seems like this request is at odds with the fundamental design of Zanzibar, where a graph of relations is defined.

You can see how is done in this blog: https://authzed.com/blog/user-defined-roles/

vroldanbet avatar Sep 30 '22 10:09 vroldanbet

I perhaps hit the close button to quickly here 😅 my apologies! After some discussion with the team, there could be scenarios where constants could come handy in the schema language, just not sure if that's what you need in your particular example.

Could you describe what you are trying to achieve?

vroldanbet avatar Sep 30 '22 11:09 vroldanbet

Thank you for your reply! ObjectId is a user-defined value in the current version. But I think it could be a enumeration variable in the schema file. For example, I define "definition role{}" and "definition page{}", and I want to make the role named Engineer to have page:user_management_interface permission. I think this permission is best defined in the schema file rather than initialized in the program.

pathing avatar Oct 08 '22 04:10 pathing

See also https://github.com/authzed/spicedb/issues/1266

josephschorr avatar Sep 01 '23 17:09 josephschorr