How I'm Learning SpiceDB

October 31, 2024|5 min read

I recently joined AuthZed as a Developer Advocate, and I want to document my learning journey for those going through a similar process. Here are the 4 steps that helped me ramp up my knowledge of SpiceDB. I hope you'll find these helpful on your own learning journey!

1. Start with the Basics

It's always beneficial to have strong foundational knowledge. In the past, my eagerness to code got the better of me, and I dove headfirst into building something only to backtrack to actually understand how it works. This time, I didn't want to repeat that mistake, so I started with a refresher on Authorization, ABAC, RBAC & ReBAC. If these acronyms are new to you, I'd suggest starting here.

I then read the Google Zanzibar paper that inspired SpiceDB, and re-read it - this time with annotations. I have to admit - I find it hard to parse academic papers (who doesn't wish for a TikTok-style summary sometimes?). That's where this presentation by Jake Moshenko came in really handy. His explanation brings to life all the concepts listed in the paper and reinforces understanding of how Zanzibar works.

Although SpiceDB is inspired by Zanzibar, there are some key differences. Here are some differences in a Q&A format that helped clarify the concepts. If the number of new concepts and terminologies seems overwhelming, that's okay! You don't have to understand all of it from the start, and hopefully, the rest of this article will help with your learning journey.

2. Get the Hang of Schema Design

Schema design is central to SpiceDB and was a new concept for me. A schema essentially defines the types of objects in your system, how those objects relate to one another, and the permissions that can be computed from those relations. I started by watching this video on modeling the GitHub permissions system using Schema.

For practice, I used real-life examples (such as Google Groups or a banking system) and sketched out the different users, objects, and relationships between them. Progressing from a basic user-document schema to a complex real-life example provides valuable practice in designing schemas for SpiceDB.

You can experiment with modeling these in the SpiceDB playground. I encourage you to try it out.
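The progression described above, from a basic user-document schema to a Google Groups-style model, might look like this in SpiceDB's schema language. This is an added example, not the author's handwritten schemas or AuthZed's published ones; every definition, relation and permission name is an assumption chosen for illustration, and the relationships in the closing comment are constructed sample data.

```zed
// Assumed names throughout; paste into the SpiceDB playground to experiment.

definition user {}

// Step 1: the basic user-document schema.
// Relations are stored facts; permissions are computed from them.
definition document {
    relation owner: user
    // A viewer can be a single user or every member of a group.
    relation editor: user | group#member
    relation viewer: user | group#member

    // "+" is union: anyone who can edit can also view (least privilege
    // means granting the narrowest relation that satisfies the need).
    permission edit = owner + editor
    permission view = viewer + edit
}

// Step 2: a Google Groups-style model with roles and nested groups.
definition group {
    relation owner: user
    relation manager: user
    // group#member lets one group be a member of another (nesting).
    relation member: user | group#member

    permission manage = owner
    permission moderate = manager + manage
    permission post = member + moderate
}

// Constructed sample relationships (resource#relation@subject):
//   group:eng#member@user:alice
//   group:all-staff#member@group:eng#member
//   document:handbook#viewer@group:all-staff#member
//
// With these, a check of document:handbook#view for user:alice succeeds:
// alice is in eng, eng's members are members of all-staff, and all-staff's
// members are viewers. A check of document:handbook#edit for user:alice
// fails, because no owner or editor relationship reaches her.
```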

[Images: handwritten Google Groups schema; handwritten GitHub schema]

3. Build Something Starting from a Point of Familiarity

Having worked at companies like Amazon Web Services (AWS) and Fermyon, I have background knowledge in Cloud, Compute, and Serverless technologies. I looked through the documentation for familiar territory and found Deploying SpiceDB on Elastic Kubernetes Service. My experience with Amazon EKS helped me understand how SpiceDB integrates into that system.

If you come from an application development background, you might prefer starting with one of our client libraries to build a simple app that communicates with a local SpiceDB instance. Our getting started guide Protecting A Blog Application can be particularly helpful. For those with authorization experience, we offer guides on how SpiceDB compares with Open Policy Agent (OPA) or a comparison with Ruby on Rails CanCanCan. Both show different approaches but share some common ground.

SpiceDB is completely open-source, and we welcome community contributions! Whether you'd like to suggest improvements, fix documentation typos, or contribute to the community, please feel free to do so. Check out our Good First Issues and join our Discord community.

4. Use AI Strategically

While learning to deploy SpiceDB on Amazon EKS, I encountered some challenges (a natural part of learning) and consulted ChatGPT about these errors. Here's a debugging step that I received:

(For context: zed is the AuthZed CLI tool)

[Image: a ChatGPT snippet]

Pretty straightforward, right? Well, except that config is not a zed CLI command. LLMs can hallucinate and often do so with a lot of confidence. Watch out for inconsistencies like these that could trip you up when copying code from an LLM.

This highlights an important distinction between "learning something" and "building something". Asking ChatGPT "How do I install SpiceDB on EKS" and then just spamming the copy-paste keys is not the best way to learn something. I can attest to this because it's exactly what I did at the start! Only partway through did I realize that I hadn't achieved what I set out to do and had to backtrack. On the other hand, asking an LLM about how I could start debugging certain errors gave me a good understanding of what's under the hood. Use these tools thoughtfully and purposefully.

One Final Thought

I'm on a roll with the advice, so here's one more thing (yes, that's a Stevenote reference). This has held me in good stead over the years when learning anything new: enjoy the process, the results will follow.

Happy Learning!

P.S. Here's a webinar I recorded for CNCF about Deploying SpiceDB in EKS. There's nothing quite like learning in public! 😎
