SpiceDB query planning and dispatch: what changes for IAM teams?

TL;DR: Advisor-driven plan selection can cut permission check time from 11,175 µs to 182 µs in a wide fan-out scenario and reduce memory from 208 KB to 7.9 KB, according to Authzed’s SpiceDB query planner benchmarks, while dispatch choices remain a major tuning area. The result is a clearer picture of where ReBAC performance improves, and where planner decisions still need refinement.

NHIMG editorial — based on content published by Authzed: SpiceDB query planner benchmarks and dispatch optimizations

By the numbers:

• In the same DoubleWideArrow scenario, QP Plain used 208 KB of memory while QP Advised used 7.9 KB.
• In the Postgres datastore benchmark, QP Local handled WideArrow in 0.50 ms versus 1.33 ms for current Dispatch.

Questions worth separating out

Q: How should teams optimize ReBAC permission checks in large graphs?

A: Start by identifying where the graph becomes broad, not just deep.

Q: Why do some authorization checks get slower as graphs grow?

A: They get slower when the engine must explore many intermediate relations before it can answer the request.

Q: How do you know if dispatch is helping authorization performance?

A: Dispatch is helping when repeated subproblems are reused often enough to offset network and serialization cost.

Practitioner guidance

• Map high-fanout authorization paths first Identify documents, groups, orgs, or folder structures that create wide arrows or repeated intermediate hops.
• Measure query latency by scenario shape Separate recursive chains, broad fan-out, and set-operation-heavy permissions in your testing.
• Tune dispatch against real cache economics Track whether dispatched subproblems are reused often enough to justify network cost.

What's in the full article

Authzed's full article covers the operational detail this post intentionally leaves for the source:

• The exact benchmark scenarios and schema definitions used to test recursive chains, fan-out, and set operations
• The full time and memory tables for algorithmic and datastore comparisons across in-memory, Postgres, and CockroachDB backends
• The specific planner optimizations and dispatch tradeoffs the team is currently tuning in SpiceDB

👉 Read Authzed's benchmarks on SpiceDB query planning and dispatch →

SpiceDB query planning and dispatch: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →