if your permissions are based on a combination of attributes, and those attributes are not changing for the application often, then you should be able to model them inside of Spice