Thanks Joey. So say we has a self-service access for customers to administer their org membership. This service would modify data in SpiceDB. Likewise when we added a new customer account, that account would be added to SpiceDB.
This is is different than say a Rego policy that says user must have orgid that matches the resources' orgid in that SpiceDB has knowledge of all the attributes and not just of rules pertaining to those attributes.
I think ?