like we're primarily using

LookupResources

for endpoints where for most use cases it makes sense to ask "what can the user access" and then hand that to the DB