# ory-selfhosting
Hey! We are actively using Ory Kratos & Hydra, and planning to introduce Keto into the mix, but we're running into bottlenecks developing our permission model. At a high level, users can have roles with specific permissions over specific resources, for example - User A can have the "*Owner*" role, with the "*edit*" permission:
```
// Grant the "owner" role to the user on "example" resource
resourceRoleBindings:example#owner@user

// Ensure the "example" resource allows "edit" permission when someone has the "owner" role
resources:example#edit@(resourceRoleBindings:example#owner)
```
Whilst this works, this also means that if we added a new permission (for example, delete) to the "owner" role, we would need to loop through each and every resource to ensure it knows that the owner role now has the delete permission. Unfortunately, this won't scale in a system where we have 100K+ resources and over 200 unique permissions - Is there a way to escape having to explicitly tell each object which role can perform what permissions? Perhaps some way to define the permissions a role has without coupling it to a specific object?
It looks like another person has run into a similar problem with complexity, and has solved it through a few minor modifications (not yet merged into Keto): https://github.com/ory/keto/pull/1123, https://github.com/ory/keto/discussions/1122
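
The fan-out described in the post, as an added example that is not part of the original post and not Keto's code: a simplified in-memory model of relation tuples with subject-set expansion, showing that granting a role one new permission costs one tuple write per resource, and that any resource not yet written still denies. The `Store` class, `grant_to_role`, `demo` and the `res{i}` resource ids are constructed for illustration.

```python
import re
from collections import defaultdict

# namespace:object#relation@subject; a subject is a plain id or a subject
# set written as (namespace:object#relation), matching the notation in the post.
TUPLE_RE = re.compile(r"^(\w+):(\w+)#(\w+)@(?:\((\w+):(\w+)#(\w+)\)|(\w+))$")

def parse(line):
    m = TUPLE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a relation tuple: {line!r}")
    ns, obj, rel, s_ns, s_obj, s_rel, s_id = m.groups()
    return (ns, obj, rel), (s_id if s_id else (s_ns, s_obj, s_rel))

class Store:
    def __init__(self):
        self.edges = defaultdict(set)

    def write(self, line):
        key, subject = parse(line)
        self.edges[key].add(subject)

    def check(self, ns, obj, rel, user, seen=None):
        # Allowed if user is a direct subject or is reachable through a subject set.
        seen = set() if seen is None else seen
        key = (ns, obj, rel)
        if key in seen:  # cycle guard
            return False
        seen.add(key)
        return any(s == user or (isinstance(s, tuple) and self.check(*s, user, seen))
                   for s in self.edges.get(key, ()))

def grant_to_role(store, resources, role, permission):
    # The per-resource model from the post: one tuple write per resource.
    for r in resources:
        store.write(f"resources:{r}#{permission}@(resourceRoleBindings:{r}#{role})")
    return len(resources)

def demo(n=1000):
    store = Store()
    resources = [f"res{i}" for i in range(n)]  # constructed sample resource ids
    for r in resources:
        store.write(f"resourceRoleBindings:{r}#owner@user")
    grant_to_role(store, resources, "owner", "edit")
    before = store.check("resources", "res0", "delete", "user")
    writes = grant_to_role(store, resources, "owner", "delete")
    after = store.check("resources", "res0", "delete", "user")
    return before, writes, after

if __name__ == "__main__":
    print(demo())
```
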