Model, store, and check permissions correctly at scale — relationship-based, Zanzibar-proven — with SpiceDB.

Welcome to SpiceDB: Authorization with Google Zanzibar.

A practical, in-depth guide to SpiceDB, the open-source, Google Zanzibar-inspired database for application permissions. Learn how SpiceDB makes authorization dedicated infrastructure: the authorization problem and the Zanzibar insight, the service and datastore architecture, the schema language (definitions, relations, permissions), relationships and usersets, permission checks and computation (set operations and arrows), consistency and ZedTokens (the new enemy problem), caveats and advanced features, and operating SpiceDB as critical authorization infrastructure at scale.

This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.

A note on reading it: open the Contents menu at the top of the reader to jump between chapters, use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.

We hope it serves you well.

— Shriira Press

Contents

1. Chapter 1 — What SpiceDB Is
2. Chapter 2 — The Authorization Problem
3. Chapter 3 — Architecture
4. Chapter 4 — The Schema Language
5. Chapter 5 — Relationships
6. Chapter 6 — Permission Checks and Computation
7. Chapter 7 — Consistency and ZedTokens
8. Chapter 8 — Caveats and Advanced Features
9. Chapter 9 — Operations and Observability
10. Chapter 10 — SpiceDB in Practice