What is the difference between ExpandPermissionTree and LookupResource?

- ExpandPermissionTree gives you detail about how a permission was granted by exposing the path that led to it. However, it does not recurse, so it cannot be used to answer the question "give me the resources a user has a specific permission for". It's more of an API for debugging purposes. - LookupResources answers "give me the resources a user has a specific permission for", but unlike Expand, it does not tell you the path/s that led to its response

So lookup is the short cut of the expand tree, is that correct? The end result is the same, if I just want to know which resources, a subject has access to?

I don't think you can say "expand is the shortcut to lookup resources". I've rarely seen folks using expand, and when they did, what they actually needed was lookup resources

So in a simple example document -> reader A lookup could tell me who can read a specific document? Sorry for the simple questions. I am trying to find out, what the correct way is to use SpiceDB.

yes, it will tell you that, in a simple example, and in more complex scenarios

Ahhh in our case we want to be able to lookup both ways and has tried to create two relations. But could we just use lookupresource and lookupsubject

correct, you don't need two relations unless there is an actual need to traverse in both directions