Write Requests provide the ability to create, modify, or delete the relationships stored in Authzed.
Clients may modify a single relation tuple to add or remove an ACL. They may also modify all tuples related to an object via a read-modify-write process with optimistic concurrency control that uses a read RPC followed by a Write RPC:
- Read all relation tuples of an object, including a per-object "lock" tuple.
- Generate the tuples to write or delete. Send the writes, along with a touch on the lock tuple, to Zanzibar, with the condition that the writes will be committed only if the lock tuple has not been modified since the read.
- If the write condition is not met, go back to step 1. The lock tuple is just a regular relation tuple used by clients to detect write races.
Additional Protocol Buffer definitions used
Adding user with ID 213 as an editor and on a note:
- INVALID_ARGUMENT: a provided value has failed to semantically validate
- FAILED_PRECONDITION: a specified
write_conditionwas not true or a provided namespace or relation does not exist
For more generic failures, see the gRPC Status Code documentation.
Code Sample Parameter Values
|Tenant Slug||The slug for your tenant|
|Namespace||The namespace containing the object to check|
|Object ID||The ID of the object to check|
|Relation||The relation to check for the object|
|User namespace||The namespace for users in your tenant|
|User ID||The ID of the user against which to check|
|Zookie||The opaque token that signifies a read should be as fresh as the write that produced this token.|