SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

i.e. let's say, the Watch API notifies that the following relation has been removed:
`resource:F1#reader@user:U1`

In this case, from what I understand, the Lookup Watch API would call the LookupSubject API with the subject part user:U1

But the permission attribut is **required** in LookupSubjectsRequest, hence I cannot call the LookupSubject API, i.e.

```
LookupSubjectsRequest {
  ObjectReference: {
    ObjectType: user,
    ObjectId: U1,
  },
  permission: ???
}
```

Am I missing something ?

thanks!