In 2019, Google researchers presented Zanzibar, a distributed system for storing and evaluating access control lists (ACL), at USENIX. More recently, the AuthZed team has OSS’ed SpiceDB, an implementation of the Zanzibar paper- which decouples the application from policy, and policy from the data upon which it operates. With SpiceDB, developers specify a schema with an intuitive and flexible language to model their permissions requirements and use a client library to apply that schema, insert data into the database, and query the data to check application permissions. SpiceDB uses a graph engine to efficiently evaluate permissions and can use Postgres or CockroachDB as a backend for durable storage of ACLs.