← Graph

How hard is it to keep authorization relationships in sync?

question 2 connections

Audience question about the difficulty of keeping tuples consistent with domain models. Answer: it is a real challenge because you are duplicating many-to-many/foreign-key relationships out of your schema into a single normalized tuple table. Must be managed explicitly (e.g. after_commit). In a monolith it can be kept in one transaction; with authorization-as-a-service it must be synced between the Rails app and the external service. Track only relationships relevant to authorization.

answer_summary
Yes, it's a real overhead; duplicate relevant relationships into tuples and keep them in sync via explicit code (after_commit / external sync), ideally only for authorization-relevant relations.
question How hard is it to keep authorization relationships in sync?
about
Fine-Grained Authorization concept
About the operational cost of maintaining an FGA tuple store.
question How hard is it to keep authorization relationships in sync?
asked_at
No 'Pundit' Intended talk
Audience Q&A following the talk.

Provenance

Created in
No 'Pundit' Intended — Rails Authorization by Yatish Mehta 2026-04-18 07:44
Read by
2 extractions