SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Hi everyone. I'm modeling the permissions in my application and I have the typical `organization` and `user` definitions that you'd see in most examples. I've also read through the github and watched the google groups blog posts, but I haven't found a elegant/recommended/typical way to model an `edit` permission on a user. In my model, the only ones that should be allowed to edit a user's profile are:
* The user themself
* An administrator.

I've modeled the ability to edit one's personal profile with a `self` relation in the `user` definition, but it seems inelegant. Is there a simpler pattern that I'm missing? Thanks in advance.
```
definition user {
    relation self: user
    relation viewer: user
    relation organization: organization

    permission edit = self + organization->create_user
    permission view = viewer + edit + organization->member
}

definition organization {
    relation admin: user
    relation direct_member: user
    permission member = admin + direct_member
    
    permission create_user = admin
}
```