sure - basically, with SpiceDB we can almost always maintain the permission request to the scope of the entity and rely on the graph to resolve it, i.e. updating

ParentEntity

only really requires knowing about

ParentEntity

. But lets say in order to create a

ChildEntity

, which is a child of

ParentEntity

, it requires

write

permission on the specific

ParentEntity

. This puts a requirement that creating a specific

ChildEntity

would have to know that it needs to check permission on the parent

ParentEntity

first. Its not a difficult thing to do, but the simplicity of having dynamic permission checks only have to care about the entity its modifying is really convenient. I didn't know if there was some creative way to keep the logic encapsulated for creation as well