SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

so you can either model it as:
```
definition vendor {
  relation custom: vendor
  permission edit = tenant->admin + (owner & custom)
}
```
and write a relation on the vendor with the same ID at both ends, or you can model it as a wildcard relation:
```
definition vendor {
  relation custom: vendor:*  // could also be user:*; the specific relation doesn't matter a ton
  permission edit = tenant->admin + (owner & custom)
}
```
and write a relation of `vendor:*` on the vendor