SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Hey folks. Could you tell me what's best practice to manage child resources permissions in "detach" mode? I want to implement functionality like in Google Drive (screenshot below). So, when parent set to `Editor`, and you change child access to `Viewer`, I want to let customer override parent permission and let it be parent as Editor, but child as Viewer. When following the examples of typical implementation it doesn't give a desired result
```
definition folder {
  relation parent: folder
  relation viewer: user
  relation editor: user

  permission read = parent->read + viewer + editor
  permission write = parent->write + editor
}
```

Because if `editor` is absent on child folder, it resolves through its parent `parent->write`. Any ideas how I can forbid SpiceDB traverse to parent if either `viewer` or `editor` relation is defined? Thanks!
https://cdn.discordapp.com/attachments/844600078948630559/1339889247997399090/image.png?ex=67b05c9a&is=67af0b1a&hm=26e905e8f79cef109ef7e125533887f3a792bdc63fc98a34d24e23205417a75a&