SpiceDB is a database system, inspired by Google's Zanzibar, for managing application permissions. With SpiceDB, you create a schema to model the permissions requirements and use the client library to apply the schema to one of the supported databases, insert data and query to efficiently answer questions like "Does this user have access to this resource?" or even the inverse "What are all the resources this user has access to?" We usually advocate separating the authorization policies from code, but SpiceDB takes it a step further by separating data from the policy and storing it as a graph to efficiently answer authorization queries. Because of this separation, you have to ensure that the changes in your application's primary data store are reflected in SpiceDB. Among other Zanzibar-inspired implementations, we find SpiceDB to be an interesting framework to assess for your authorization needs.
