SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

I've got a schema that looks something like this:
```
definition user {
  relation persona: user
}

definition thing {
  relation reader: user
  relation writer: user
  permission read: reader + writer
  permission write: writer
}
```
the "persona" notion is that a user may have personas which only have access to some subset of the things which the user can see. the concrete use case is a salesperson with access to many things showing a prospective customer what it looks like to be a user in the system with various levels of privilege.

it seems like this model should suffice. however, one of my coworkers asked me whether it's possible to get a list of all personas with read access on a thing, and then get a list of all nonpersona users with read access on a thing. it''d be filtering on whether a given user has a persona relation pointing at it. is there a way to express this in a `ReadRelationships` request? if not, is there a better way of asking the question, or of modeling this such that that question is answerable?

we could theoretically move the question outside of spicedb by having a naming convention for "persona" users vs normal users and then doing a string filter on the output of a Read request, but i'm wondering if there's another way of approaching it.