there are three approaches: 1) prefiltering: call LookupResources API to get the list of visible resources, send to Postgres 2) postfiltering: get the list from Postgres, call CheckBulkPermission on each to determine what the user can see 3) use Materialize: https://authzed.com/docs/authzed/concepts/authzed-materialize