I'm trying to make sense of the `ExpandPermissionT...
# spicedb
I'm trying to make sense of the
endpoint. I'd expect it to return all subjects who have the given permission on the given resource, but that doesn't seem to be the case: it returns a tree of set operations where the leaves are the subjects. That means that if I want to know which subject actually has the permission, I'd need to apply the operations myself? For example:
Copy code
$ zed permission expand caregivers_csv_upload agency:63ed361f-a0b7-41fc-9c4b-143e0fe792ad
 └── exclusion
      ├── agency:63ed361f-a0b7-41fc-9c4b-143e0fe792ad->account_manager
      │    ├── user:f71c18fc-fd2f-4a96-ab65-020cb00670c5
      │    ├── user:f9ed57f2-c881-4c3c-9fd5-f67043de3118
      │    ├── user:fdf84719-e48f-4637-b5c4-2efa32948602
      └── agency:63ed361f-a0b7-41fc-9c4b-143e0fe792ad->flag_rostering_integration
           └── user:*
There's an exclusion operation with
so I'd expect SpiceDB to tell me that 0 subjects have this permission. But nothing in the ExpandPermissionTree response seems to contain this information. Am I missing something?