i.e. let's say, the Watch API notifies that the following relation has been removed:

resource:F1#reader@user:U1

In this case, from what I understand, the Lookup Watch API would call the LookupSubject API with the subject part user:U1 But the permission attribut is required in LookupSubjectsRequest, hence I cannot call the LookupSubject API, i.e.

LookupSubjectsRequest {
  ObjectReference: {
    ObjectType: user,
    ObjectId: U1,
  },
  permission: ???
}

Am I missing something ? thanks!