A maybe-weird thought just popped up and I'm happy for your input, dunno what triggered it: I think one can think of relations as the "write model", and of permissions as the "read model" (ref: CQRS), right? We're checking for permissions, so we're looking at a projection of one or more relations. So relations are the write model, and the read model, a.k.a. permission, is the projection. Does that make any sense? (late here 😉)