SpiceDB Playground refresh: what it means for ReBAC workflows

TL;DR: Editing schemas, relationships, assertions, and permission checks in one browser view is now easier, with the same answers as a production SpiceDB cluster and shareable workspaces for team collaboration, according to Authzed. The change lowers friction for ReBAC modelling, but it also raises the bar for how teams validate access logic before moving it into production.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

• Only 5.7% of organisations have full visibility into their service accounts.
• 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
• 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.

Questions worth separating out

Q: How should teams use a ReBAC playground to validate access changes before production?

A: Use the playground as a regression environment, not just a demo surface.

Q: Why do relationship-based access models need testing beyond role review?

A: Because ReBAC decisions depend on how entities relate to each other, not only on the roles they hold.

Q: What should IAM teams look for when sharing an access model with reviewers?

A: They should share the working model itself, including schema, relationships, and assertions, so reviewers can inspect the actual behaviour rather than fragments of it.

Practitioner guidance

• Use assertions as release gates Require schema changes to pass permission assertions before they are promoted into any shared or production authorisation model.
• Review schema and relationships together Avoid separate review tracks for schema changes and relationship data.
• Standardise a shareable review artefact Use the workspace link as the canonical review object for security, platform, and application owners.

What's in the full announcement

Authzed's full blog post covers the operational detail this post intentionally leaves for the source:

• The refreshed browser workflow and how the tab system was reworked for faster schema iteration.
• The full set of Playground capabilities, including schema editing, relationship editing, assertions, and permission checks.
• How the built-in zed CLI can be used inside the browser for hands-on model testing.
• The new example schemas that give teams more starting points for learning ReBAC patterns.

👉 Read Authzed's update on the refreshed SpiceDB Playground and ReBAC workflow →

SpiceDB Playground refresh: what it means for ReBAC workflows?

Explore further

View Full Forum →  |  NHI Foundation Course →