SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

Hi,
I was trying out some scenarios.
* User(s) needs to be  part of Group A, B & C to have a relation X on resource Z.

I was able to achieve this with something like below but is there any better way to do this ?

definition resource {
    relation owner: user | organization 
    permission admin = owner + owner->admin - blocked
    relation blocked: user | group#member
    relation membership1: group#member
    relation membership2: group#member
    relation membership3: group#member
    permission view = owner + owner->admin + (membership1 & membership2 & membership3) 
}