If there is a hierarchy of access e.g. basic_access, detailed_access, full_access, you can have inherited permissions i.e. full_access implies detailed_access, which implies basic_access. Of course, this also requires you to have 3 endpoints for the different info. ReBAC is optimised for answering can X see Y of Z, rather than answering which Ys of Z can X see.