#**Our assumptions:**

Hi @worldly sparrow, welcome to our community 👋

Your approach, specifically Option B, aligns well with the capabilities of Permify, focusing on managing permissions and relationships in Permify while your database handles region-specific data. Although this approach seems viable, we do not understand option A quite well. Specifically, why you want to consider storing permission relationships in your own database?

For gathering aggregated data like listing the regions a user has access to, your two-step approach is seems practical.

To implement step 1, you could use the Lookup Entity (Data Filtering) API endpoint, which allows you to query which resources (in this case, regions) a user can access based on their permissions. This API call returns the IDs of the entities (regions) that the user has permission to access.

Here's an example code snippet on how you might query Permify to get all region IDs a user can access:

cr, err := client.Permission.LookupEntity(context.Background(), &v1.PermissionLookupEntityRequest{
    TenantId: "t1",
    Metadata: &v1.PermissionLookupEntityRequestMetadata{
        SnapToken: "",
        SchemaVersion: "",
        Depth: 20,
    },
    EntityType: "region",
    Permission: "access",
    Subject: &v1.Subject{
        Type: "user",
        Id: "1",
    }
})

Authentication approach also seems viable.