A modern web interface for managing SpiceDB authorization systems. Built with Next.js and Tailwind CSS.
|
Dashboard |
Schema Management |
|
Entity Relationships |
Permission Management |
|
Bulk Operations |
Authentication Details |
- Dashboard - Real-time overview of your SpiceDB instance with stats and activity
- Schema Management - Visual and text-based schema editor with validation
- Relationship Management - CRUD operations with smart dropdowns and search
- Authorization Testing - Permission checks, expansions, and subject lookups
- Node.js 16+
- Running SpiceDB instance (HTTP API enabled)
-
Clone and install
git clone https://github.com/mejaz/spicedb-ui.git cd spicedb-ui npm install -
Start SpiceDB with HTTP API
docker run -d --rm -p 50051:50051 -p 8443:8443 \ authzed/spicedb serve \ --grpc-preshared-key "your-token-here" \ --http-enabled -
Configure environment
# Create .env.local SPICEDB_URL=http://localhost:8443 SPICEDB_TOKEN=your-token-here -
Start the UI
npm run dev
-
Build the Docker image
docker build -t spicedb-ui . -
Configure environment variables
Create a
.envfile in the project root:# .env SPICEDB_URL=http://host.docker.internal:8443 SPICEDB_TOKEN=your-token-hereNote: Use
host.docker.internalto connect to services running on your host machine from within the Docker container. -
Run the container
docker run --env-file .env -p 3000:3000 spicedb-ui
-
Access the application
Open your browser and navigate to
http://localhost:3000
Alternative: Using Docker Compose
For easier management, you can also use Docker Compose:
# docker-compose.yml
version: '3.8'
services:
spicedb-ui:
build: .
ports:
- "3000:3000"
environment:
- SPICEDB_URL=http://host.docker.internal:8443
- SPICEDB_TOKEN=your-token-hereThen run:
docker-compose up --buildEnvironment variables in .env.local:
SPICEDB_URL=http://localhost:8443 # SpiceDB HTTP API endpoint
SPICEDB_TOKEN=your-token-here # Pre-shared key for authentication- Navigate to Schema page
- Edit your authorization model using SpiceDB schema language
- Use the visual view to see parsed namespaces, relations, and permissions
- Save changes directly to SpiceDB
- Go to Relationships page
- Add relationships using smart dropdowns:
- Resource: Search existing or create new (e.g.,
business:acme-corp) - Relation: Auto-populated from your schema (e.g.,
owner,manager) - Subject: Manual entry (e.g.,
user:alice)
- Resource: Search existing or create new (e.g.,
- View, search, and filter existing relationships
- Use Check page for permission testing:
- Permission Check: Test if a subject has permission on a resource
- Expand Permission: Visualize permission trees
- Lookup Subjects: Find all subjects with a specific permission
definition user {}
definition business {
relation owner: user
relation manager: user
relation read_access: user
permission issue_invoices = owner + manager
permission view_invoice_list = read_access + owner + manager
permission modify_invoices = owner + manager
}
definition system {
relation admin: user
permission global_admin = admin
}The UI creates several API routes:
GET /api/spicedb/stats- Dashboard statisticsGET /api/spicedb/health- Connection health checkGET /api/spicedb/activity- Recent activity feedGET /api/spicedb/resources- Available resources and relationsGET|POST /api/spicedb/schema- Schema managementGET|POST|DELETE /api/spicedb/relationships- Relationship CRUDPOST /api/spicedb/check- Permission checkingPOST /api/spicedb/expand- Permission expansionPOST /api/spicedb/lookup-subjects- Subject lookup
- Frontend: Next.js 13+, React, Tailwind CSS
- Backend: Next.js API routes
- Database: SpiceDB (via HTTP API)
- Styling: Tailwind CSS with custom components
npm run dev # Start development server
npm run build # Build for production
npm start # Start production server- Fork the repository
- Create a feature branch
- Make your changes
- Test with your local SpiceDB instance
- Submit a pull request
MIT