My company has multiple products, and we are using Auth0 for authentication (CIAM). I want to use SpiceDB and provide authorization-as-a-service for all products in the company. I want to define policies to avoid products (teams) stepping on each other.
* Each team defines its authorization models and manages them.
* To enforce policy-as-code, I want teams to define their authorization models in GitHub and have a GitHubAction lint, test, and sync with SpiceDB.
* Restrict team-B updating team-A's authorization model (maybe through GitHub owners).
Allow products to cross-check relationships (product-A can check permission on product-B)
* Restrict who can query for permission or relationships
Are these possible? Any recommendations/suggestions?
Thanks