There isn't an API that returns all permissions a given subject has on a given resource, though it's something we're thinking about. Today, you need to do a check permission request for each possible permission to obtain the list of permissions a given subject has on a given resource. It might not be necessary for you to load all permissions upfront, though. Typically, the only reason you would need to load all permissions for a specific resource user combination is if you need to display a list of available permissions alongside the object. If you don't need a list of permissions displayed alongside the object, I recommend that you issue check permission requests when the user attempts to act on an object. (e.g. check if a user has update permission on an object when they try to modify it)