The data used to calculate permissions have the most critical correctness requirements in the entirety a software system.
Despite that, developers continue to build their own ad-hoc solutions coupled to the internal code of each new project.
By developing a SpiceDB schema, you can iterate far more quickly and exhaustively test designs before altering any application code.
This becomes especially important as you introduce backwards-compatible changes to the schema and want to ensure that the system remains secure.
The SpiceDB schema langauge is built on top of the concept of a graph of relationships between objects.
This ReBAC design is capable of efficiently supporting all popular access control models (such as RBAC
) and custom models that contain hybrid behavior.
Modern solutions to developing permission systems all have a similar goal: to decouple policy from the application.
Using a dedicated database like SpiceDB not only accomplishes this, but takes this idea a step further by also decoupling the data that policies operate on.
SpiceDB is designed to share a single unified view of permissions across as many applications as your organization has.
This has strategy has become an industry best-practice and is being used to great success at companies large (Google
, GitHub, Airbnb
) and small (Carta