> the relation could be relation new_admin_dashboard_viewer "Viewer" is already a matter of permission though: admins can "view and manage" the dashboard while non-admins can only "view", and we can imagine inactive users who can't do anything. Feature flags in our system are applied on orgs, not users. Modelling it to be per-user is always going to be confusing for us: our developers writing permissions will want to express "this permission is given if the user is an admin and its org has the feature flag XXX enabled". That's not necessarily a dealbreaker but is less than ideal! > A good way to think about what should be in SpiceDB or not is whether or not another (micro)service would ever want to also check for that relationship/permission. Yes, our microservices do need to check permissions that are dependent on feature flags > but it does require the extra relation back for the walk Out of curiosity, is there a technical reason why the permission must express a set of paths ending on a user, rather than any set of paths at all?