SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

I have a "role" object which can "imply" (that is presence of roleA implies that user has all the permissions of roleB) in an recursive fashion.
How do i express this in a schema?

I tried:

```
definition user {
}

definition group {
    relation member: user
    relation subgroup: group
    permission group_members = member + subgroup->member 
}

definition object {
    relation perm1_direct: group
    permission perm1 = perm1_direct->group_members;
}
```
With the following relations:
```
group:groupa#subgroup@group:groupb
group:groupb#subgroup@group:groupc
group:groupc#member@user:usera
object:obja#perm1_direct@group:groupa
```
And I am testing against:
```
object:obja#perm1@user:usera
```
This set passes when user belongs to groupa or groupb but not when user belongs to groupc