
Not only inclusion, but other operators as well, such as negation, so you can say

  CanAccessAmericanSecrets = AllSREs - EmployeesInEnemyState
(or whatever)


No idea why you are getting downvoted. You are correct. The white paper section 2.3 talks exactly about that. The namespace configuration pseudo-code shows exactly how this is written. Took me over a year to arrive at this conclusion.


Exclusion (and intersection as well) provide for some very powerful computation primitives, with only a slight overhead in performance.

In addition, there is `tupleset_to_userset` [0], which can be thought of as an arrow (which is also how it's defined in SpiceDB [1]).

[0]: https://zanzibar.tech/2D0HKhvxH0:0.IoJK1g_7i:4L~ses~0~1

[1]: https://docs.authzed.com/reference/schema-lang#--arrow


Yes. The white paper is very brief on details. Some systems in the wild totally miss the fact that a relation userset operation isn’t “include only”. That also applies to tupleset_to_userset.

I was in that misled camp for quite some time. One day it clicked, but only after realizing that the namespace config pseudo-code from section 2.3 IS what defines relationships: https://gruchalski.com/posts/2022-10-22-zanzibar-with-prolog.... Not the fancy object#relation@subject. That’s just the query language.
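The operators discussed in this thread (exclusion, intersection and the `tupleset_to_userset` arrow), as an added example that is not part of any comment above and is not code from Zanzibar or SpiceDB. The tuple data, the tuple-based expression encoding, and every namespace, relation and function name are hypothetical.

```python
# Constructed relation tuples: (object, relation, subject). A subject is a user
# id, an object id, or a userset written as an (object, relation) pair.
TUPLES = {
    ("group:sre", "member", "alice"),
    ("group:sre", "member", "bob"),
    ("group:enemy_state", "member", "bob"),
    ("folder:ops", "sre", ("group:sre", "member")),
    ("folder:ops", "blocked", ("group:enemy_state", "member")),
    ("doc:secrets", "parent", "folder:ops"),
    ("doc:secrets", "cleared", "alice"),
    ("doc:secrets", "cleared", "bob"),
    ("doc:secrets", "cleared", "carol"),
}

# Hypothetical namespace config: each relation maps to a userset rewrite.
CONFIG = {
    "group": {"member": ("this",)},
    "folder": {
        "sre": ("this",),
        "blocked": ("this",),
        # CanAccess = AllSREs - EmployeesInEnemyState
        "can_access": ("exclusion", ("computed", "sre"), ("computed", "blocked")),
    },
    "doc": {
        "parent": ("this",),
        "cleared": ("this",),
        # cleared on the doc AND can_access on its parent (the arrow)
        "viewer": ("intersection", ("computed", "cleared"), ("arrow", "parent", "can_access")),
    },
}

def check(obj, relation, user):
    return _eval(CONFIG[obj.split(":", 1)[0]][relation], obj, relation, user)

def _eval(expr, obj, relation, user):
    op, args = expr[0], expr[1:]
    subjects = lambda rel: [s for o, r, s in TUPLES if (o, r) == (obj, rel)]
    if op == "this":  # direct tuples; userset subjects are expanded
        return any(s == user or (isinstance(s, tuple) and check(*s, user))
                   for s in subjects(relation))
    if op == "computed":  # another relation on the same object
        return check(obj, args[0], user)
    if op == "arrow":  # tuple_to_userset: hop to each related object
        return any(check(s, args[1], user) for s in subjects(args[0]) if isinstance(s, str))
    if op in ("union", "intersection"):
        return (any if op == "union" else all)(_eval(e, obj, relation, user) for e in args)
    if op == "exclusion":  # base minus subtract
        return _eval(args[0], obj, relation, user) and not _eval(args[1], obj, relation, user)
    raise ValueError(f"unknown rewrite operator: {op}")
```

An evaluator that only unions included usersets would grant `bob` and `carol` the `viewer` relation here, because both hold a direct `cleared` tuple.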



