This message was deleted.
# opals
Slackbot
07/04/2023, 6:33 PMThis message was deleted.
o
Or Weis
07/04/2023, 6:39 PMThere are multiple ways to go about this. But in general you’d be using Zanzibar as a datastore, and as you say use a data-fetcher to load data or subsets of data from into OPA.
At Permit we combine that with a Go plugin for OPA that optimizes the navigation on the graph subset downloaded from the Zanzibar system.
Note that non critical path queries like reverse indices (Who can do x, as opposed to can Y do x) could/should still be executed against the top full Zanzibar solution
y
Yuan
07/04/2023, 6:47 PMSo, if I understand correctly, OPA downloads relation tuples from Zanzibar datastore and evaluate the relation locally, instead of making an evaluation request to Zanzibar
o
Or Weis
07/04/2023, 6:52 PMYes, that would be my recommendation,
Solving latency, availability, and coupling issues
y
Yuan
07/04/2023, 6:53 PMAny chance the Zanzibar plugin is opensource? Or if there is an article/blog post that I can learn more about it? Thanks!
o
Or Weis
07/04/2023, 6:59 PMWe are thinking about open-sourcing it (CC: @Asaf Cohen, @Omer Zuarets, @Shaul Kremer)
But haven’t yet - also it’s more of a ReBAC graph plugin than a Zanzibar plugin but I guess that’s almost semantics in this case
Or Weis
07/04/2023, 7:00 PMYou can read about how we’re modeling ReBAC permissions in Permit here:
https://docs.permit.io/features/modeling/google-drive
Though it doesn’t touch explicitly on the plugin
y
Yuan
07/04/2023, 7:25 PMThank you!!