feat: new page (querying data) #451
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
miparnisari
force-pushed
the
querying-data
branch
from
dbfe5f4 to
43776c8
Compare
miparnisari
force-pushed
the
querying-data
branch
from
43776c8 to
c66e7a4
Compare
|
|
||
| # Querying Data | ||
|
|
||
| This page walks through the main ways to query data in SpiceDB. The options are listed from most preferred to least preferred, but the right choice always depends on your use case. |
There was a problem hiding this comment.
Is preferred the right word here? IMO, it implies the LookupResources API is not preferable?
|
|
||
| You can debug a check locally with `zed permission check resource:someresource somepermission user:someuser --explain` to see how the decision was made. | ||
|
|
||
| When your schema uses caveats and you don't provide all the required context in the request parameters, the API will tell you that in the response that the result is "conditional" instead of simply denying or allowing, and it's up to you to inspect that result. |
There was a problem hiding this comment.
Add link to caveats: https://authzed.com/docs/spicedb/concepts/caveats
|
|
||
| ## LookupResources | ||
|
|
||
| [`LookupResources`](https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.LookupResources) is a good choice when you need to find all resources of a given type that a specific subject can access. It supports pagination and works well for moderate result sizes. |
There was a problem hiding this comment.
In the Protecting A List Endpoint page we say: "If the number of resources that a user has access to is sufficiently large and LookupResources can’t satisfy the use case anymore, another approach is to fetch a page of results and then call CheckBulkPermissions to determine which of the resources are accessible to the user."
This might contradict what's on this page
sohanmaheshwar
left a comment
sohanmaheshwar
left a comment
There was a problem hiding this comment.
Yay! this page is much needed. Added a couple of comments.
I think we need to align on the messaging across CheckBulkPermission and LookupResources . We've had mixed messaging out for this in the RAG usecases as well. Maybe Cormac can help us out with this
Description
Closes #95