Hi, I would like to enable AuthZ for my
# spicedb
e
Hi, I would like to enable AuthZ for my users that are admins in their own clients to configure permissions at runtime. Like user a belongs to group x, group x is allowed to read all projects. Or things like user b is allowed to write a specific document… I also want to link AD security groups and their members when using an IdP. Is this a good use case SpiceDB can handle? All the examples I found are only defined with the Zanzibar schema. Could not find anything that does the mapping in the backend… Do I really need to write the wrapper myself or is there any Golang solution to that?
y
yes, spicedb is capable of all of that. what do you mean by "doing the mapping in the backend?"
e
The user should not be forced to use the Zanzibar schema language. The UI should provide things like, user x is allowed to read document y with a checkbox. And my question here is: do I need to map this setting to the Zanzibar language myself or is there a wrapper where I can just pass the document type, id, user id, tenant id, right/role and it creates the tuple? So basically an SDK that takes a lot of work from me.
y
yeah, agreed that a user should never be writing schema. it's the DDL of your authz system.
no, there is not a way that i know of to automatically translate business logic to relations