Google Zanzibar – Modeling Permission Boundaries and Set Intersection
For the sake of learning and to satisfy my own curiosity I'm attempting to rebuild the primary features it offers using strictly open-source software. If you're interested, take a look! https://github.com/jon-whit/zanzibar-poc
I'm particularly interested in how the model works with disjoint intersections of relation tuples.
Particularly, if a user has a maximum level of permissions (e.g. a permission boundary) in addition to a set of shared/granted permissions, how would that be modeled in Zanzibar's model?
Let's say you have the following model:
PermissionBoundary { id : string, permissions : []string }
User { id : string, boundaryId : string // FK on PermissionBoundary }
The effective permissions a user has is composed of the joint intersection of the permission boundary permissions and the shared permission (relations) on the object.
effectivePermissions = boundary.permissions & shared.permissions
I know the paper mentions userset rewrites that can express intersection, but I'm having a hard time modeling how it actually works with join/swing tables like my model above demonstrates.
0 comments
[ 3.6 ms ] story [ 7.7 ms ] threadNo comments yet.