SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

I have a question in modelling permissions. Are there some best practices to model global permissions in spicedb? 
Lets say I have a video service and users have view access to some videos. Furthermore there are some people (but not all) that can flag videos but when they can, they can flag all videos that they can view. How to model this? An example could be
```
definition user {}
definition root {
  relation video_flagger: user
}
definition video {
  relation root: root
  relation viewer: user
  permission view = viewer
  permission flag = viewer & root->video_flagger
}
```
I have the feeling that it should work but it feels weird to make a singleton resource type just for global permissions. Is this a good idea, why or why not?