Is there anyway to perform Authorization query like "What all permission a user/group (subject) has on a given resource type"