I was considering this option, but I was wondering if there might be another way. We anticipate having multiple services (one entity per service) and multiple organizations. Ideally, we would use something like this:

definition user {}

definition org {
    relation owner: user
    relation member: user
}

definition service_1 {
    relation org: organization
    relation instance: instance_1
    relation granted: role_binding

    permission create = granted->service_create + org->owner
}

definition instance_service_1 {
}

...

definition service_N {
    relation org: organization
    relation instance: instance_N
    relation granted: role_binding

    permission create = granted->service_create + org->owner
}

definition instance_service_N {
}

Setting up each organization for every service could become quite complicated for us. However, if there are no other options, we will proceed with this approach.