# spicedb
y
you use SpiceDB to answer relation-based access questions very quickly with a configurable consistency guarantee
n
yea it felt pretty similar to model the org and user thing in both of them, but I'm guessing for other types of entities which do not semantically point to any kind of user behaviour, I'll use database. Any access relations go to spice.
Thanks!
y
if you're asking about why you would duplicate relations in spicedb, it makes more sense when you are centralizing authorization concerns across multiple services
if all of your data is in one place, it can make sense to leave the authorization data in the same place as the business data
but as soon as it gets spread around, and one service would need to ask another service for some piece of information required for authorization, it makes sense to replicate it into spicedb
n
yea sounds good. for now I'm simply following the rule of whether something is about access. If yes, I'm not modeling it in SQL
an example is: each user has a default org (the one you would create on signup)
i could model this in spicedb as such
org:narang#owner@user:narang
where i mean that when you are an owner of an org, it's your default org. But now the application needs to make sure semantically that it's a strictly one-to-one relationship
the other way is to simply put `owner` as column in `user` table, but this can be a part of access logic (an owner can do anything in their org), so now I have to duplicate it in spice
so for this very case, I'm actually thinking of putting it in spice, and have the application make sure that it can only be a one-to-one relation
considering this specific use case, does it warrant adding the one-to-one relation in spice? I'm guessing i can add a caveat saying, owner can only be someone with the same uuid as the user (kinda hacky, but I'm actually ok with it)
note: not very confident with caveats rn (haven't used them, just skimmed through it), might be wrong what i said. I'm just making a guess on what i understand about it
y
generally yes, you want to have all of the information in spicedb required to answer a permission check question
if asking "can a user view a file" requires SpiceDB to have some notion of the relationship between files and folders, you should be modeling the folders in SpiceDB even though they aren't an "authorization concern"
and somehow making SpiceDB aware of those relationships (we use Kafka for this kind of thing)