SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Hello,
I am wondering how to design a usecase based around feature flags for apikeys. Typically, if we have superadmin users who can create apikeys and each apikey can have a list of feature hierarchy that can be enabled.
For exemple:
```
apikeyA can access:
  REST api (all sub-features)
  GRPC api (just subset)
    feature foo
    feature bar
apikeyB can access:
  REST api (just a subset)
    baz
  GRPC api (all)
```
How would you model something like this using spicedb/zanzibar ?

Hi, I think it could be modelled as follows:

```
definition Key {

}

definition API {
  relation featureA: Key
  relation featureB: Key
  relation allFeatures: Key
  
  permission canAllFeatures: allFeatures + (feature & featureB)
  permission canFeatureA: canAllFeatures + featureA
  permission canFeatureB: canAllFeatures + featureB
}
```

following your example a relationship that looks like: `API/Rest#featureA@Key:123` means apikey `123` has access to `featureA` in the `Rest` api, right ?

it would be actually `API:Rest#featureA@Key:123`