SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Hi, I am new to SpiceDB and want to create a service allowing my users to define an entities graph and use it to set access controls. For example, they can define a university entity and multiple child department entities, allow university level users to access departments level data. Does SpiceDB support this? Thanks for any pointers.

I have a similar question. 

Please guide

yes, you can do this by having the department nest under the university

```
definition user {}

definition department {
  relation parent: university
  relation member: user
  permission view = member + parent->admin
}

definition university {
  relation admin: user
}
```

here, any `admin` user of the university can view any of the departments

Thanks. Can my service users define what you instructed by themselves and use my service for their authorization?

no, not unless you have a truly dynamic schema

Could you share a pointer for dynamic schema?

https://authzed.com/blog/user-defined-roles