SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Hello all. A question since I feel that I may be missing something. Is there support for checking a relationship/permission of a subject for all resources of a specific type or resources that do not yet exist?
To be more specific: Let's assume that we have a resource definition of type "document". I want to model a relationship/permission of "can_create", i.e. depicting whether a user can indeed create a new resource of that type. I do have roles, to which the user has been assigned to, and those roles are depicted in spicedb as different resources already.
When performing something like: `zed permission check "scenario/case:*" "can_create" "user:user_a"`, I get an error stating that the ObjectId should be alphanumeric.
In a different approach, I explicitly define a new resource type named "action" like:
```
  definition action {
    relation allowed: user:*
  }
```
Then by adding a new relationship like:
works as expected. In such approach though I seem to be missing a way to add a permission checking another permission for granting access, i.e. a user is a member of a role