Extenders

Enterprise builds of SpiceDB support additional behavior provided by an extension point called Extender.

Extenders include:

Both Cloud and Dedicated provide dashboards for configuring functionality powered by Extenders, but you might be interested to learn more if you're exploring Self-Hosted.

Flags

| Flag | Description | Default |
| --- | --- | --- |
| --extender-audit-batch-size-limit | defines the maximum number of audit events to be processed as a unit | 10000 |
| --extender-audit-buffer-size | defines the size of the audit log buffer that holds events to be processed by workers | 1000000 |
| --extender-audit-buffer-window | defines maximum amount of time events are buffered before being pushed | 1s |
| --extender-audit-disabled-on-methods strings | list of comma-separated, fully-qualified API methods to disable events for. Watch API is always excluded (e.g. /authzed.api.v1.PermissionsService/CheckPermission) | |
| --extender-audit-initial-retry-interval duration | sets the first retry backoff in case of a failure to push audit events to the backend | 1s |
| --extender-audit-max-retry-interval duration | sets the maximum backoff duration in case of failure to push events | 30s |
| --extender-audit-retry-randomizer-factor | sets the randomization factor for the backoff duration - this helps prevent thundering herds on event push errors | 0.5 |
| --extender-audit-stream-name | defines the name of the target stream/topic (e.g. Kafka Topic, Kinesis Stream...) | spicedb |
| --extender-audit-target-configuration | target-type specific configuration | [] |
| --extender-audit-target-endpoint-url string | defines the URL of target endpoint to ingest audit events. If left unspecified, some types will try to determine automatically (e.g. AWS SDK) | |
| --extender-audit-target-type | defines the type of target to ingest audit events | noop |
| --extender-audit-worker-count | defines the number of worker goroutines to process audit events | 5 |
| --extender-authzed-fgam-endpoint | defines the external SpiceDB endpoint used to authorize operations for the authzed-fgam extender. If a file:// endpoint is provided, server is run embedded with static configuration | |
| --extender-authzed-fgam-preshared-key | defines the external SpiceDB preshared key used to authorize operations for the authzed-fgam extender. Ignored if endpoint is local (file://) | |
| --extender-enabled | enables one or more extenders out of [authzed-fgam spicedb-enterprise-serverversion authzed-audit usage]. | |
© 2024 AuthZed.