So if I were to check permission of a user to access a resource, and instead of defining all the users that are allowed access one by one, I could define all users are allowed access