Managing schemas in production is very similar to managing the schema of a relational database. We recommend defining new permissions that are backwards compatible with the old permissions such that once all your code is updated, the old permissions can be dropped from the SpiceDB schema. You can define permissions in terms of other permissions, which helps a lot for this use case (e.g.
permission read = readers; permission write = writers + read
if the definition of
changes in this example, there are no changes to
to make it have the desired behavior).