In SpiceDB, this is known as the LookupResources [1] API, which returns all resources (of a particular type) that a particular subject (user in this case) has a particular permission on.
We have a guide on doing ACL-aware filtering and listing [2] with this API and describing other approaches for larger Enterprise scales
Disclaimer: I'm the co-founder and CTO of AuthZed, we develop SpiceDB, and I wrote our most recent implementation of LookupResources
We actually have users that synchronize their resources from various sources (AWS, Kubernetes, etc) into SpiceDB, explicitly so they can perform these kinds of queries!
One of the major benefits of a centralized authorization system is allowing for permissions queries across resources and subjects from multiple different services/sources (of course, with the need to synchronize the data in)
Happy to expand on how some users do so, if you're curious.
I just want to point out you have to take care about that, yes you can have a trigger or a transaction to make sure it happens but it isn't there out of the box
Location: Spain
Remote: yes
Willing to relocate: no
Technologies: Full Stack Javascript, Android, iPhone, Machine Learning
Resume: http://eliocapella.com/resume.html
email: me at eliocapella.com
