Second question - what's the recommendation for modeling attributes? For example: user A can only see post B if B has a privacy setting of PUBLIC. I found a related article that seems more focused on dynamic checks, vs a state value like this https://authzed.com/blog/caveats/