So I've got a rule on

deal

that says

permission view = investment->view + sponsor

. I do the permission check using

at_least_as_fresh

set to the max zedtoken of the deal and the user. This doesn't always work right away, because if an investment is added after the deal is created/modified, it has a later zedtoken than either deal or user, and when using

at_least_as_fresh

, spicedb queries postgres based on the max of that zedtoken and whatever it thinks is the latest transaction (e.g. if it hasn't updated from postgres since the last write to

relation_tuple_transaction

)