@User yep, I was thinking about post filtering, it just doesn’t look as elegant as I’d like it to be. If my query returns a page of 50 results, and on the postfiltering I find that 1 of these 50 is not authorized, what is the correct behavior? Just skip it? Query one more until I get an authorized? Return a bad request? Or 403? Not clear to me