#Check Count

junior creek
#

Hi @arctic marsh, the check_count signifies the number of checks that were performed to arrive at the permission decision. This provides insight into the operation of the Permify authorization engine, indicating how many individual permission checks the system executed to determine whether the request should be allowed or denied.

arctic marsh
#

Okay, thank you, I get this. I have another question here: I want to design a role that can do anything in any entity. Besides setting admin for each entity, is there any other way?

junior creek
#

Yes, there is a way. You can define a global admin role within a top-level entity such as an organization, and then use relationship-based access control (ReBAC) to spread the admin permissions across other entities.
Such as:

entity organization {
  relation admin @user
}

entity project {
  relation owner @organization#admin
}

entity task {
  relation allowed @project#owner
}

In this abstract example, users who are admin of an organization can be granted owner permissions on a project, and similarly, task permissions can be inherited or granted based on the project's owner role.

Does that solve your case?

arctic marsh
#

This is my current schema. Let's take an example: suppose we have created many spaces, then each space has to inherit the relationship from the group. Is there a way to avoid inheriting from the group, such that being an admin alone would grant access permissions to all spaces, making data storage more concise?

#

entity user {}

entity group {
  relation super_admin @user
  relation internal_operator @user
}

entity space {
  relation group @group
  relation owner @user
  relation partner @user

  permission edit = group or owner or partner
  permission delete = group or owner
}

#

We have to write the relation between space and group when I create a space.

#

In fact, in our application scenario, there is only one group.

junior creek
#

If you have only one group (the highest-level entity, I guess), my suggestion is still the same. Your schema looks legit to me. Permify is designed to be capable of storing and managing trillions of authorization data, so explicitly defining all super_admins at the highest level seems the right way to go.

#

But I'd love to learn more about your use case and concerns around data storage (or about any topic, questions, etc.). Would you be against a quick call at your availability?

arctic marsh
#

Of course, that would be fine, but I haven't finished the design yet. Let's wait until next week for me to summarize other questions and then we can discuss further.
