there isn't a way that i know of. https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.ExpandPermissionTree may help a bit, because it lets you explicitly unpack each hop. what's the use case? the assumption with SpiceDB is typically that the checks/lookups are on the terminal permissions, and the structure and data in between are implementation details of your system.