Josephschorr

#42622 of 53,632
6.3 Total CVSS
Vulnerabilities · 1
PT-2024-4350
6.3
2024-06-20
Spicedb · Spicedb · CVE-2024-38361
**Name of the Vulnerable Software and Affected Versions**

SpiceDB versions prior to 1.33.1

**Description**

The issue is related to incorrect permission handling in SpiceDB, which can lead to a user being reported as not having access to a resource when they actually do. This occurs when an exclusion is used under an arrow with multiple resources, resulting in `NO PERMISSION` being returned when `PERMISSION` is expected. The problem arises when a resource exists under multiple folders and the user has access to view more than one folder, causing SpiceDB to fail to request all folders in which the user is a member. This issue affects the `CheckPermission` API.

**Recommendations**

For versions prior to 1.33.1, upgrade to version 1.33.1 to resolve the issue. As a temporary workaround, consider restricting access to the `CheckPermission` API until the upgrade is applied. Avoid using exclusions under arrows with multiple resources in the permission schema until the issue is resolved.