We Built an Authorization Engine That the Fortune 100 Bet On

Using something like this for centralized authorization across services works well for binary access control decisions.

But the problem that remains is "authorized search" in an efficient way. Asking permify what resources a user can access and then query the app postgres db with "WHERE resource_id IN ( {list}, {with}, {many}, {IDs}, ... )" does not scale well. How to solve this?