How would we implement access control, by having a copy of user id and his access permissions in our database?