SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

OK so I guess we just have to make extra-sure that all relations are being backfilled very carefully.

> permission view = viewer - banned
we would actually do something like that, yes.
When adding or removing to this `banned` group, I'm just not sure of which endpoints to use.
To add `WriteRelationships` would be a no-brainer but when deleting, I'm sensing that there are two endpoints that are not well explained.

There is `WriteRelationships` with `RelationshipUpdate.Operation == OPERATION_DELETE` as well as the `DeleteRelationships` endpoint.

I'm assuming that when removing from a `banned` group, I should use the `OPERATION_DELETE` but I just want to make sure that I'm getting it right.