@vroldanbet I have just checked out your proposal, and it seems to be the perfect solution for our use case. I have tested the solution in the playground, and it works fine. For reference, here is the playground I used as well as some query examples in case anyone in the future needs to implement the same solution: https://play.authzed.com/s/q98rBilxbHdP/schema

$ zed permission check zone:1 write user:1 --caveat-context={"active_project_id":"1"}

false

$ zed permission check zone:1 write user:1 --caveat-context={"active_project_id":"2"}

true Thank you so much!!