Managing schemas in production is very similar to managing the schema of a relational database. We recommend defining new permissions that are backwards compatible with the old permissions such that once all your code is updated, the old permissions can be dropped from the SpiceDB schema. You can define permissions in terms of other permissions, which helps a lot for this use case (e.g.

permission read = readers; permission write = writers + read

if the definition of

read

changes in this example, there are no changes to

write

to make it have the desired behavior).