in a microservice environment, I figure I should use one spice deployment for all services, and prefixes on a domain/service-basis (whatever makes sense scope-wise). However, the documentation notes in one part that > SpiceDB supports an optional prefix for Object Types that can be used for enforcing security boundaries when multiple tenants are using the same deployment. But in a different piece of documentation, it's stated that > For SpiceDB, prefixes can be used to logically group types, but are otherwise unnecessary. I would really like to restrict write access based on namespace/prefix, such that services can only update the objects and relations they own. Is this possible in Spice?