if that returned way too many values for your application to handle, the last resource is denormalizing authorization closer to your database with

LookupWatch

. That's still WIP: https://github.com/authzed/spicedb/issues/207