Hello FGA Support Team,
We are implementing Fine-Grained Authorization (FGA) on our Digital Asset Management (DAM) platform.
Our model includes roles, permissions, users, and teams to control access to assets, folders, shared links, and collections.
We want to ensure no unauthorized access occurs even for a fraction of a second, so we are considering “private by default” as the upload pattern.
Here, when a user initiates an upload:
• The backend creates a placeholder asset record in the DB with status=pending and no access permissions assigned (private).
• The file is uploaded to storage (S3) using a pre-signed URL.
• Once virus scanning, metadata processing and thumbnail generation are complete, the backend assigns explicit or inherited permissions and updates the asset status to “available”.
• This guarantees strict least-privilege security before any exposure.
However, we have performance concerns:
• We expect high upload volumes (potentially millions of assets) with thousands of users.
• Each asset will have at least two DB write operations (create placeholder → update on completion). Further permission assignments can then be made throughout the lifecycle of the asset.
• Some uploads may fail or be abandoned, leading to orphaned placeholder records.
Our questions:
1. Does FGA recommend this approach for systems with large asset volumes?
2. Have you seen scalability or performance issues with this “create placeholder first” design in other customer implementations?
3. What are best practices to mitigate potential system bloat, such as:
• Excessive DB table growth from pending or orphaned records
• Increased index size or degraded query performance over time
Alternative approaches:
• Would it be preferable to upload assets without DB entries, keep them in a staging bucket with no public access, and only create DB records after processing is complete?
• Are there FGA implications for controlling access to objects that exist in storage but not yet in the authorization model?
In summary, our priority is to implement an approach that scales efficiently while guaranteeing zero unauthorized exposure for uploaded assets, even briefly.
We want to align with FGA’s recommended best practices for high-volume content platforms.
Thank you in advance for your guidance.
Best,
Emir
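The “private by default” lifecycle described in the message above, as an added example that is not part of Emir's post and not FGA's own code or API. The relation store is an in-memory stand-in for an FGA-style tuple store (user, relation, object); the asset table, the `pending`/`available` status values, the hypothetical model in which an asset's `viewer` is either a direct tuple or a `viewer` on its `parent` folder, the placeholder TTL, and all function names are assumptions made for this sketch. It also shows the orphan cleanup that the post asks about, and the check that an unfinished placeholder is never readable, neither by a folder viewer nor by the uploader.

```python
"""Private-by-default upload lifecycle with an FGA-style relation store.

Added example (not FGA's code or API). Names, statuses, TTL and the in-memory
tuple store are assumptions standing in for a real asset DB and FGA instance.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

PENDING = "pending"
AVAILABLE = "available"
PLACEHOLDER_TTL_SECONDS = 24 * 3600  # assumed window before an abandoned upload is purged


@dataclass
class Asset:
    asset_id: str
    uploader: str
    folder_id: str
    created_at: float
    status: str = PENDING


class RelationStore:
    """Minimal stand-in for an FGA tuple store holding (user, relation, object).

    Hypothetical model: viewer on an object is a direct tuple, or a viewer
    relation on any object recorded as that object's `parent`.
    """

    def __init__(self) -> None:
        self._tuples: Set[Tuple[str, str, str]] = set()

    def write(self, user: str, relation: str, obj: str) -> None:
        self._tuples.add((user, relation, obj))

    def delete_object(self, obj: str) -> None:
        # Remove tuples in which the object appears on either side.
        self._tuples = {t for t in self._tuples if obj not in (t[0], t[2])}

    def check(self, user: str, relation: str, obj: str) -> bool:
        if (user, relation, obj) in self._tuples:
            return True
        parents = [s for (s, r, o) in self._tuples if o == obj and r == "parent"]
        return any(self.check(user, relation, p) for p in parents)


class Dam:
    def __init__(self) -> None:
        self.assets: Dict[str, Asset] = {}
        self.rel = RelationStore()
        self._seq = 0

    def initiate_upload(self, uploader: str, folder_id: str, now: float) -> str:
        """Step 1: placeholder row with status=pending and no tuples written."""
        self._seq += 1
        asset_id = f"asset:{self._seq}"
        self.assets[asset_id] = Asset(asset_id, uploader, folder_id, now)
        return asset_id  # the caller would now hand out a pre-signed PUT URL

    def finalize_upload(self, asset_id: str, scan_clean: bool) -> bool:
        """Step 3: after scan/processing, grant access and mark available."""
        asset = self.assets[asset_id]
        if not scan_clean:
            self.discard(asset_id)
            return False
        # Explicit grant to the uploader plus inheritance from the folder.
        self.rel.write(asset.uploader, "viewer", asset_id)
        self.rel.write(asset.folder_id, "parent", asset_id)
        # Either order is fail-closed: can_view requires both the status
        # flag in the asset store and a matching relation.
        asset.status = AVAILABLE
        return True

    def can_view(self, user: str, asset_id: str) -> bool:
        """Two independent gates: asset status, then the relation check."""
        asset = self.assets.get(asset_id)
        if asset is None or asset.status != AVAILABLE:
            return False
        return self.rel.check(user, "viewer", asset_id)

    def discard(self, asset_id: str) -> None:
        self.rel.delete_object(asset_id)
        self.assets.pop(asset_id, None)

    def purge_orphans(self, now: float, ttl: float = PLACEHOLDER_TTL_SECONDS) -> List[str]:
        """Drop placeholders that never finished within the TTL."""
        stale = [a.asset_id for a in self.assets.values()
                 if a.status == PENDING and now - a.created_at > ttl]
        for asset_id in stale:
            self.discard(asset_id)
        return stale


def demo() -> dict:
    """Constructed scenario: one completed upload, one abandoned placeholder."""
    dam = Dam()
    dam.rel.write("user:bob", "viewer", "folder:marketing")  # bob already sees the folder
    t0 = 1_000_000.0
    a1 = dam.initiate_upload("user:alice", "folder:marketing", now=t0)
    # While pending, neither the folder viewer nor the uploader can read it.
    pending_leak = dam.can_view("user:bob", a1) or dam.can_view("user:alice", a1)
    dam.finalize_upload(a1, scan_clean=True)
    after = (dam.can_view("user:alice", a1),  # explicit grant
             dam.can_view("user:bob", a1),    # inherited via folder
             dam.can_view("user:eve", a1))    # no relation at all
    a2 = dam.initiate_upload("user:alice", "folder:marketing", now=t0)  # never finished
    purged = dam.purge_orphans(now=t0 + PLACEHOLDER_TTL_SECONDS + 1)
    return {"pending_leak": pending_leak, "after": after, "purged": purged,
            "kept": a1 in dam.assets, "abandoned": a2}


if __name__ == "__main__":
    print(demo())
```

The point of keeping the status gate in the asset store rather than relying on the relation store alone is that, in a real deployment, the DB transaction and the FGA tuple write are two separate systems: if a tuple were written early, or a replica served it before the scan finished, the `pending` status still denies the read. Conversely, the purge path deletes the placeholder's tuples together with the row, so cleanup of abandoned uploads does not leave dangling grants behind.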