SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

one way to block a user is to use exclusions, meaning the `-` operator.  So you could define `step` as 
```
       definition step {
          relation stage: stage
          relation viewer: user
          relation noaccess: user

          permission view = stage -> view + viewer - noaccess
       }
```
and then insert an explicit `noaccess` relation when you want to block view access