Let's say I have a web application which I want to display a hierarchy of groups. For example, there is a user that 'manages' that groups. So for us to able to let the web app display the group's hierarchy we should build the tree in the service (the authorization service in our case) and then pass it back to the web app. To be more practical, this is a partial example of our proto message response:

proto
// Group represents a group within the authorization system.
// Each group has a unique identifier and can contain sub-groups.
message Group {
    // Unique identifier for the group.
    string group_id = 1;
    // A list of sub-groups that are nested within this group.
    repeated Group sub_groups = 2;
}

message GetGroupsResponse {
    repeated Group groups = 1;
}

Regarding the ExpandPermissionTree, I read this post [LookupResources vs ExpandPermissionTree](https://linen.authzed.com/t/16143061/lookupresources-vs-expandpermissiontree) and it seems that writing a recursive method would be better than using the

ExpandPermissionTree

recursively. vroldanet also states in the post "*I've rarely seen folks using expand, and when they did, what they actually needed was lookup resources*"