Hi everyone, Question about relationship managemen...
# spicedb
Hi everyone,

Question about relationship management (and the consequences of the schema we have designed): modelling "multi-tenant modular RBAC".

Our case is a user that can be "internally related" to a single tenant (enforced by our own logic) or "externally related" to multiple tenants; any tenant can access several of a substantial number of modules; a user can be assigned to a module with one (out of a small fixed number of) role.

A simplified schema and some test relationships and assertions can be accessed in this playground: https://play.authzed.com/s/1kZnxRpaud_A/assertions

Writing relationships and checking permissions/relationships is not a problem for us with this schema, as can be seen from the playground. The challenge comes when querying/modifying these relations in order to build the permission management for our application.

* challenge 1: displaying all roles (and their corresponding module) for a given user (in the context of a given tenant)
* challenge 2: replace the roles (and their corresponding modules) of a given user (in the context of a given tenant)
* challenge 3: delete all the permissions of a given user (in the context of a given tenant). NOT all permissions for every tenant.

All three challenges can be worked around by issuing multiple lookup resources (one per role), merging the results to get a picture of the current relations and then, in the case we need to write/delete relationships, performing those multiple operations. But it kind of feels "hacky" and sensitive to become a problem if the number of roles increases in time.

Does the community have good ideas or pointers on how to implement those permission management queries and commands against SpiceDB?

https://cdn.discordapp.com/attachments/844600078948630559/1308024210639163392/modular_rbac.png?ex=673c6ff9&is=673b1e79&hm=2f8d301e071c73e0e8d16aa9c0b4cb0ef5b5695062ccf0252df1fbf3f633f00f&
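The workaround described in the post (one lookup per role, merge, then write/delete), sketched as an added example that is not part of the original post or the poster's schema. It assumes a hypothetical `tenant_module` object type with ids of the form `<tenant>/<module>` and one relation per role (`viewer`, `editor`, `admin` are made-up names), and uses an in-memory set in place of SpiceDB's LookupResources and WriteRelationships calls.

```python
from collections import namedtuple

# Relationship in SpiceDB's resource#relation@subject shape.
Rel = namedtuple("Rel", "resource_type resource_id relation subject_type subject_id")
ROLES = ("viewer", "editor", "admin")  # assumed fixed role set, one relation per role
# Constructed sample data; object type and id layout are assumptions.
SAMPLE = {
    Rel("tenant_module", "acme/billing", "admin", "user", "alice"),
    Rel("tenant_module", "acme/reports", "viewer", "user", "alice"),
    Rel("tenant_module", "globex/billing", "editor", "user", "alice"),
    Rel("tenant_module", "acme/billing", "viewer", "user", "bob"),
}


def lookup_resources(store, resource_type, relation, subject_id):
    """Stand-in for one LookupResources call: ids where the user holds `relation`."""
    return {r.resource_id for r in store
            if r.resource_type == resource_type and r.relation == relation
            and r.subject_type == "user" and r.subject_id == subject_id}


def current_roles(store, tenant, user):
    """Challenge 1: one lookup per role, merged into {module: role} for one tenant."""
    roles, prefix = {}, tenant + "/"
    for role in ROLES:
        for rid in lookup_resources(store, "tenant_module", role, user):
            if rid.startswith(prefix):  # drop objects that belong to other tenants
                roles[rid[len(prefix):]] = role
    return roles


def plan_replace(store, tenant, user, desired):
    """Challenges 2 and 3: diff current vs desired; desired={} clears the tenant only."""
    current = current_roles(store, tenant, user)
    def rel(module, role):
        return Rel("tenant_module", f"{tenant}/{module}", role, "user", user)
    deletes = {rel(m, r) for m, r in current.items() if desired.get(m) != r}
    writes = {rel(m, r) for m, r in desired.items() if current.get(m) != r}
    return writes, deletes


def apply_plan(store, writes, deletes):
    """Apply both sets as one batch, as a single WriteRelationships request would."""
    return (set(store) - deletes) | writes
```

Sending the computed deletes and writes in one WriteRelationships request keeps the replace atomic, so no check can observe the user between the old and new role sets.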