It’s getting there, but it does not handle permissions so you either have to add a bunch of rules through the database (such as RLS on Postgres) or define a permission schema.

Trying to see how far inference can go given that queries usually specify this information (ex: where(r => r.author == $SESSION.AUTHOR_ID)).