#Some follow up questions:


worldly notch
#

Hi @crystal parrot ,

Regarding the Wildcards & Blocklist, currently we do not have such functionality in our open source. We could add them to our roadmap though. Can I know what’s your urgency for these features?

Regarding the conditional permissions:

  1. You can use contextual tuples (https://docs.permify.co/operations/contextual-tuples) for sending additional parameters along with the check request.

  2. You can use “rule” functions to define such conditions in your model. Here is an example of a rule for the case you described. You can see how rules can be implemented in detail in the following docs: https://docs.permify.co/getting-started/modeling#defining-rules

      parameter < 10.0000
  }

About versioning, we do support versioning of authorization models. When you make changes to a model by applying a new schema using the Write Schema API, the previous model is stored. Each time you submit a new schema, a unique schema version is returned by the API. You can continue using a specific version of the model in your API requests by specifying its schema_version.

This versioning system operates independently from the snapshot functionality provided by Snap Tokens, which are used to ensure the freshness and consistency of access control checks.

To manage schema changes and versions, we recommend setting up a central repository for your schema, validating changes via a CI pipeline, and deploying them using the Write Schema API. We also offer advanced features for this workflow (GitHub Integration, Schema Staging, etc.) in our on-prem & cloud offerings.

crystal parrot
#

Hi @worldly notch thanks for the quick response.
There is no particular urgency for those features, just nice-to-haves.

And, a follow-up question:
We have deeply-nested user_groups.
What is the recommended method to handle nested relations being removed?

I.e. team1 has relation with team2 has relation with team3

Following this logic, someone in team1 has permission to whatever team3 has permission on.
Imagine that team2 gets deleted, but we still want team1 to have access to team3 and all other relations.

worldly notch
#

Hi @crystal parrot, so if team1 has access to a specific resource because of a permission inherited from team3 with team2 acting as the connector, then removing team2 will break this connection between team1 & team3 so that the permissions go idle, which means in an access check team1 won't be granted access as it used to be. But this can simply be more like a modeling approach rather than the data deletion approach. So if you want to inherit permissions from team3 to team1, and basically don't want team2 to affect it in any case, you can just model accordingly I guess.

#

Could you share the existing model, if you don't mind, so I can better understand the situation?

crystal parrot
#

Haven't gotten into modelling yet, this just struck me as I started thinking about modelling.

But our situation is:

  • We have users and user groups in our database
  • Users can belong to N amount of user groups
  • User groups can belong to M amount of user groups
  • We can set permissions on a user group or user level
  • Higher level user groups (and included users) should have access to everything lower level user groups have.

Currently we have a lot of logic to allow this, using quite expensive (recursive) queries

worldly notch
#

Hi @crystal parrot, I’ve created the following schema according to what you described. With this schema you can ensure that users belonging to higher-level groups inherit permissions from lower-level groups, fulfilling the hierarchical and inherited permissions requirement.

entity user {}

entity group {
  // Represents the direct members of the group
  relation direct_member @user
  // Represents groups that are directly nested within this group
  relation child_group @group
  // Represents the parent group of this group
  relation parent_group @group
  // Permissions
  permission access = direct_member or child_group.direct_member or parent_group.access
}

entity resource {
  // Represents the resource that groups or users can access
  relation allowed_group @group
  action view = allowed_group.access
}

Can such a model help you get started?

#

Apart from the model, might I ask, did you get the Slack invitation?

crystal parrot
#

Most certainly! Thanks a lot!

#

And yes, alas, our company has a free Slack plan so I can't actually join the channel 😅

The sufferings of a startup-scaleup

#

But I've gathered most of the info I need to form a decent comparison. Actually writing up the paper now and presenting it tomorrow.

worldly notch
#

Great!! Let us know if anything further is needed ✌️

crystal parrot
#

Quick question (sorry for all of them): The company list provided here, do they (partially) implement Permify for their authorization or are they more playing around / experimenting with it?

worldly notch
#

Actually, they're mostly developers and advocates who have tested Permify. We have not listed our clients on the landing page yet. But if you have any questions regarding insights on who our customers mainly are and what production usage looks like, we'd love to have a quick chat to share.

crystal parrot
#

I see, thank you for your transparency.

During our call you (or your colleague, I forgot who it was) broadly mentioned Fortune 500 companies, some San Francisco companies and startups without providing names. So I was just curious if something large like Shopify or Meetup had implemented it.

worldly notch
#

Actually, a couple of well-known Fortune 50 companies have also implemented Permify and are actively using it. But dropping names wouldn’t be right, especially in this Discord conversation. Thanks for understanding. But I can assure you that we used to achieve & handle large loads. We’re currently doing benchmarks on performance & scalability. If you would like, I can share it with you when it's completed.

#

Or if you have any specific questions related to production readiness, don't hesitate to ask.

crystal parrot
#

No worries, I totally understand. Thank you!

ashen egret
#

@worldly notch hey did you finish the benchmarking on performance & scalability? I'm currently evaluating whether we should migrate our current system to Permify and it's crucial that the performance is comparable

worldly notch