Hi guys, I have a quick question on SpiceDB and OpenSearch. We have folders, projects, and assets where we want to use SpiceDB to manage permissions. We also want to introduce OpenSearch (or Elastic), and what's unclear to us is how this system swill work with each other to ensure that searches only return results that are authorized. Is there a recommended way of doing this?

We built Authzed Materialize to support this kind of use-cases, which require denormalization of all permission checks to be stored in an external index (like a search index). If your search results don't return too many elements, you can filter in the application size using CheckBulk API or LookupResources. At some point when the number of elements is to large, that won't scale, so you'll need to build a secondary index a-la Authzed Materialize.