> Furthermore, in the aforementioned article it states: Google's engineers recommend that you use a policy engine alongside Zanzibar to close the gap. This, however, is already handled with SpiceDB if I'm not mistaken.
SpiceDB handles policy and attribute-based access control via the use of caveats:
https://authzed.com/docs/spicedb/concepts/caveats. I also believe the article is incorrect: we have reason to believe that Zanzibar itself has something very similar to caveats