#Creating An Authorization System That Implements Spring's GrantedAuthority

I am trying to figure out what are the common methods of implementing endpoint authorization information.
For example I can implement GrantedAuthority as a simple read, update, delete, create strings. but that will not hold information on to whom those granted authorities are for. Does that mean, I also need to include some resource URI in the authorization inforamtion GrantedAuthoirty implmenetation. or maybe implement authorization as two tables many to many tables where many useres can perform various actions on many resources and If I were to do that, I also need to make the authorization data be synced with the resources' data

This is the first time I am attempting to implement spring security for a backend project and I would appreciate if there is a resource that explains the process/data model and how to think about it.

⌛ This post has been reserved for your question.

Hey @upper dirge! Please use /close or the Close Post button above when you're finished. Please remember to follow the help guidelines. This post will be automatically closed after 300 minutes of inactivity.

TIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here.