I liked this framing from the docs

Relations define how objects can relate to other objects. Permissions are how we interpret relations to make access control decisions

So seems like thinking of permissions as a projection of relationships isn't far off.