Is it possible to lookup resources for all types and permissions?

[F21]

I am currenly using zed to test out SpiceDB and am testing the zed permision lookup-resources command. From what I can gather, one must use zed permission lookup-resources type permission user. Is there anyway to look up all resources accessible by a given user regardless of the type or permission? My use-case is to look up all resources of all types and permissions and then to use the resource id with an elasticsearch query to perform a search across all types.

[vroldanbet]

@F21 no, you cannot do a LookupResources for all permissions. You can use SpiceDB's 1.33 new ReflectSchema API that lets you discover which permissions exist on a given resource; with that, you can issue a LookupResources for each permission.

Consider that you'd need to update your denormalized permissions in ElasticSearch every time a write affecting your authorization happens. You can also use another Reflection API to help you here: ComputablePermissions. You'd need to listen to the Watch API to get the changes applied to your SpiceDB, and then send that to ComputablePermissions, which would tell you which permissions would need to be updated in ElasticSearch.

Also do note that this is what we built our commercial Authzed Materialize for: to help users build a normalized form of your computed permissions: https://authzed.com/blog/materialize-early-access