Yes i think i understood that, but then i am restricted to only the relations between entities to decide upon an authz decision. I haven't skimmed the spiceDB doc enough yet but i think i have not seen any way to use environnement conditions to modify the decision (unless caveats are what i'm looking for) If instead i provide the object graph to the rego engine, i can add more constraint with policies-as-code defined by the tenants