Hi! I'm on the GitHub team working on modeling our authz with spicedb, and had a question about "self" relationships. A resource can live under an organization or a user (think repos or packages). In order to see if a user can create a resource under an organization, it's simple to model it with a

member

check.

definition github/organization {
  ...
  permission create_resource = membership
}

I'm looking at the user owned case, and want to limit creating resources owned by the user to the user only. Is there a

self

relationship available in the schema language? I'd like to be able to define:

definition github/user {
  ...
  permission create_resource = self

And then have an assertion:

assertTrue:
  - github/user:cjs#create_package@github/user:cjs
assertFalse:
  - github/user:cjs#create_package@github/user:rando

The alternative is to define a container that can be owned by a user (or org) that holds the

create_resource

permissions.