SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Would somebody can help me finish this parts of schema:
definition user {}

definition department {
    relation member: user | department#member
    relation manager: user
    relation parent: department

    permission view = manager + parent->manager
}

So how does manager can view department members which inclued son-department?

I think whether there's a rule when define relation like this example that I must need a new definition called "role" both contains "user" / "department" or whatever?