#Question on retrieving lists
red flume
Hi @tardy escarp, for lists that have pagination with large amounts of data, using individual checks won't be the best solution. Instead we're providing two types of data filtering endpoints.
One of them (https://docs.permify.co/docs/api-overview/permission/lookup-entity/#lookup-entity) allows you to directly get the IDs of the authorized entities in an array, which is again not a viable option if you have pagination.
The other alternative involves handling it with Streaming (https://docs.permify.co/docs/api-overview/permission/lookup-entity/#lookup-entity-streaming).
If you believe neither of these solutions addresses the issue on your end, we could have a discussion to devise an alternative solution.
tardy escarp
The issue we are trying to address is rather simple when the permission model is trivial… user.. user group..group.. group entity … entity. Give me all entities for this user.
There you have innerjoins all the way down
But as soon as some product manager gets all excited by a Zanzibar paper, implementing that in a traditional db becomes a performance nightmare
I guess I’m trying to understand how do you incorporate your solution and not lose the ability of returning a simple “secure” result set?
Ie. Items that only apply to a user. Without having to post process the result
red flume
So, as far as I understand, you are trying to implement Zanzibar from scratch as requested.
If that's the case, firstly, if you believe you have a trivial permission model (and assuming it will not expand or become complex over time), using a fine-grained access control approach might not be the best solution. Secondly, since we've open-sourced Zanzibar, you can examine how we implemented such a model and improve upon it in our GitHub repository. Also, I could share a basic tutorial with you where we demonstrate implementing a Zanzibar check request and data model in PostgreSQL: https://www.permify.co/post/exploring-google-zanzibar-a-demonstration-of-its-basics/.
The last thing to note is that the Zanzibar system is not really good at solving data filtering cases, for which we have developed additional endpoints that I mentioned to overcome this issue.
tardy escarp
We are being asked to implement a Zanzibar-like model of fine grain control.
I’m trying to understand how to best implement something like this when moving from a simple permissioning model for something as simple as a list
tardy escarp
How does anyone implement retrieval of bulk data using this? Post processing is not a solution when your results are millions