Hello I m thinking of a way to handle a RBAC with Keto I tho

Question

Hello I m thinking of a way to handle a RBAC with Keto I thought of reprensenting roles as a namespace using something like that ```storage id1 read roles editor member storage id1 write roles editor member``` However I read a bit about <https storage googleapis com pub tools public publication data pdf 41f08f03da59f5518802898f68730e247e23c331 pdf subsubsection 3 2 5|hotspot handling in the zanzibar paper> and it seems this representation would cause a hotspot I think I guess the alternative to that would be to use inheritance of relations with subjectset rewrites once they re added but in that case how would you handle listing the roles available for binding Do you have any best practice advice on this maybe

steep-lamp-91158 · Answer

Did you already read <https github com ory keto issues 598> and the blog post linked there

victorious-flower-63171 · Answer

Yes it seems to use a role namespace but there doesn t seem to be anything about hotspots I guess it s a bit early in the life of Keto to worry about hotspots

victorious-flower-63171 · Answer

Also in the Zanzibar paper there is a <https storage googleapis com pub tools public publication data pdf 41f08f03da59f5518802898f68730e247e23c331 pdf section 5|little word> about implementing an RBAC saying that roles are similar to relations but there is no details given

steep-lamp-91158 · Answer

hm yeah hotspots are nothing we ran into yet

steep-lamp-91158 · Answer

I would just go with it like that and figure out how to optimize it later

victorious-flower-63171 · Answer

OK thanks for your assistance slightly smiling face

steep-lamp-91158 · Answer

I understand that they mostly combat hotspots with the distributed cache

steep-lamp-91158 · Answer

so not unsolvable

steep-lamp-91158 · Answer

and you can still have them in your data