# spicedb
Hi! I'm on the GitHub team working on modeling our authz with spicedb, and had a question about "self" relationships. A resource can live under an organization or a user (think repos or packages). In order to see if a user can create a resource under an organization, it's simple to model it with a `member` check.

```
definition github/organization {
  ...
  permission create_resource = membership
}
```
I'm looking at the user-owned case, and want to limit creating resources owned by the user to the user only. Is there a `self` relationship available in the schema language? I'd like to be able to define:

```
definition github/user {
  ...
  permission create_resource = self
}
```
And then have an assertion:

```
assertTrue:
  - github/user:cjs#create_package@github/user:cjs
assertFalse:
  - github/user:cjs#create_package@github/user:rando
```
The alternative is to define a container that can be owned by a user (or org) that holds the `create_resource` permissions.
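
The container alternative described in the post, written out as a SpiceDB validation file. This is an added example, not part of the original post or GitHub's schema: the `github/namespace` definition, the `user_owner`, `org_owner` and `member` relations, the `membership = member` body, and the `acme` organization are all assumptions made for illustration.

```yaml
# Constructed example: create_resource lives on a container ("namespace")
# that is owned either by a single user or by an organization.
schema: |-
  definition github/user {}

  definition github/organization {
    // Assumed backing relation for the post's `membership` permission.
    relation member: github/user
    permission membership = member
  }

  definition github/namespace {
    // Exactly one of these is written per namespace.
    relation user_owner: github/user
    relation org_owner: github/organization

    // User-owned: only the owning user. Org-owned: any org member.
    permission create_resource = user_owner + org_owner->membership
  }

# Constructed sample relationships.
relationships: |-
  github/namespace:cjs#user_owner@github/user:cjs
  github/organization:acme#member@github/user:rando
  github/namespace:acme#org_owner@github/organization:acme

assertions:
  assertTrue:
    # The owning user can create under their own namespace.
    - github/namespace:cjs#create_resource@github/user:cjs
    # An org member can create under the org's namespace.
    - github/namespace:acme#create_resource@github/user:rando
  assertFalse:
    # Another user cannot create under cjs's namespace.
    - github/namespace:cjs#create_resource@github/user:rando
    # A non-member cannot create under the org's namespace.
    - github/namespace:acme#create_resource@github/user:cjs
```

The least-privilege property here depends on who is allowed to write `user_owner` relationships: only the provisioning path that creates a user's namespace should write that tuple, since it is what grants `create_resource`.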