SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Hello, i need help with modeling the schema to support my usecase
 I have a list api  ***/accounts*** that returns a list of accounts. 
I have two types of users, 1) Global user 2) User within a territory.
For 1), /accounts should return all the accounts.
For 2), /accounts should return the accounts mapped to the user's territory.
 I have a `read` permission and `read_by_territory`. 

How do i merge them into a single permission? 

I tried using caveats but didn't succeed. Any help is greatly appreciated.

definition user {}

definition account {
    relation location: territory
    relation reader: user

    permission read = reader
    permission read_by_territory = read & location->assigned
}

definition territory {
    relation assigned_to: user
    permission assigned = assigned_to
}

`permission read = reader + location->assigned` seems like it ought to do it