lookup subject/entity endpoint | Permify | Page 1

grave stag Mar 25, 2024, 12:13 PM

#

Hello @obsidian snow , normally this API operates as a stream, but for HTTP requests, it will return a response only after the entire stream has finished. However, if you make a query with the gRPC stream API, the first response will come back to you in milliseconds, but the completion time will vary depending on the size of your data.

obsidian snow Mar 25, 2024, 12:22 PM

#

Hi @grave stag. Switching to gRPC is on the todo list but went with HTTP since I was not able to generate the required Java SDK from the .proto files initially (something to look into on my end).

The response still feels too slow to be honest since the result set only has 40 entries and the total set of entities/resources to check is somewhere between 1-2k.

But generally, it sounds like there is nothing to specially consider when using the API so I must either find out if this is the expected performance (which would not be acceptable for my use-cases) or there are internal issues. I'll try to gather a bit more information/debug data. Tipps on how to best do that are appreciated 🙂

grave stag Mar 25, 2024, 12:28 PM

#

If your model includes ABAC, this will affect the performance of the lookup entity. The reason for this is that in cases where ABAC is present, reverse lookup is not possible. Does your model include ABAC?

obsidian snow Mar 25, 2024, 12:39 PM

#

Yes, there is indeed an attribute (boolean) in place in this schema.

What I also discovered: I have around 550 schemas as I am writing it every time the application starts even if there are no changes. Does this also negatively impact the performance?

#

entity file {
    relation project @project

    relation directory @directory

    attribute access_controlled boolean
    relation granted @user @project_role#assignee

    permission read = (directory.read not access_controlled) or (access_controlled and granted and project.read_filesystem)
    permission update = (directory.update not access_controlled) or (access_controlled and granted and project.update_filesystem)
    permission move = update
    permission rename = update
    permission set_access = update
    permission replace = update
    permission share = (directory.share not access_controlled) or (access_controlled and granted and project.share_filesystem)
    permission delete = (directory.delete not access_controlled) or (access_controlled and granted and project.delete_filesystem)
}

grave stag Mar 25, 2024, 1:09 PM

#

Firstly, I have not encountered a case where such a high number of schemas are created at the same time. Are you conducting the lookup entity test simultaneously for the one schema? We generally do not recommend ABAC for use cases that involve lookup entities. I kindly ask you to remove ABAC and test it so that we can compare the results.

Alternatively we can hop on call to better understand the use case and the need to discuss the solution alternatives. You can select an available spot from my calendar: https://calendly.com/d/cj79-kyf-b4z

#lookup subject/entity endpoint