d5ksg91
08/18/2024, 5:07 PM
definition user {}
definition acl {}
definition C {
  relation acl: acl
  relation reader: user:*
  relation writer: user:*
}
definition B {
  relation c_instance: C
  relation user: user
  permission read = c_instance->reader & user
  permission write = c_instance->writer & user
}
definition A {
  relation b_instance: B
}
definition document {
  relation b_instance: B
  permission read = b_instance->read
  permission write = b_instance->write
}
The idea is that C holds the permissions for the ACL that a user will have access to. There can be 0-10 instances of C related to a single ACL.
B is an instance that will later be tied to a particular document; there might be millions of B instances for one C.
A is related to all B instances for a particular user and particular C, with potentially 200,000 B instances related to one A.
The goal is to determine which permissions a user has for an ACL. A user has permission to an ACL if there is a B instance related to C that grants this permission to the ACL.
However, when I tried this:
definition A {
  relation b_instance: B
}
the performance was terrible.
Looking up the first B instance for my particular A and checking B's read/write permissions works fine, but the performance still degrades significantly depending on the number of relations.
Getting the first B for my A shouldn't depend on the number of relations, and I can check the permissions I need on it.