Questions: 1. Seems like listing is a problem with ReBAC system. Getting list of id's from auth system to pass to db seems like the only good option. Getting list from db and then checking for permissions can run to problem like going over 100s of records before saying no permissions. 2. In ABAC systems, seprating auth logic from app login seems more fesible then ReBAC systems. As in ReBAC systems authz becomes developers responsibility. 3. Working with cross-db transactions also is a challenge as if creation of resource in Authz fails we have to revert the db changes and vise-versa. 4. Using cavates for ABAC like systems seems like getting attributes from db first and then checking or you think resource planning in this case works too? Please correct me, If I am wrong and thank you in advance.