Company:
Date Published:
Author: Jimmy Zelinskie
Word count: 929
Language: English
Hacker News points: None

Summary

You're tasked with enhancing a user's profile page to display all the resources they can access, but doing so requires touching the permission system, which is stored in SQL. The permission system spans multiple tables, and the joins needed to fetch the data result in high latency. After you discuss this with the code owners, they propose denormalizing their schema for better performance, but that is a major rewrite of security-critical code. You're left to balance delivering value against robustness and long-term maintenance.

The underlying problem is ACL filtering, which can be done by prefiltering or by postfiltering. Prefiltering determines which objects are accessible before fetching them, while postfiltering fetches objects and then discards those the user cannot access. How the query planner will perform on the JOINs is hard to predict, which makes it challenging to decide between relational databases and alternative solutions like Authzed.
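The two ACL filtering strategies described above, as an added example that is not code from the original article or from Authzed. The grant set, resource names and function names are hypothetical, and the in-memory data stands in for the SQL tables.

```python
# Constructed sample data: (user, resource_id) grants, standing in for what the
# permission JOINs would resolve to. All names here are hypothetical.
GRANTS = {("alice", 1), ("alice", 4), ("alice", 5), ("alice", 9),
          ("bob", 2), ("bob", 4)}
RESOURCES = {i: f"doc-{i}" for i in range(1, 11)}  # id -> name, ids 1..10


def can_access(user, resource_id):
    """Single permission check (one round trip to the permission system)."""
    return (user, resource_id) in GRANTS


def prefilter(user, limit):
    """Resolve the accessible ids first, then fetch only those resources."""
    allowed = sorted(rid for (u, rid) in GRANTS if u == user)
    return [RESOURCES[rid] for rid in allowed if rid in RESOURCES][:limit]


def postfilter(user, limit, page_size=3):
    """Fetch candidates page by page and discard what the user cannot access.

    A page can come back partly or wholly filtered out, so keep fetching until
    `limit` results are collected or the candidates run out.
    Returns (results, number_of_permission_checks).
    """
    results, checks, offset = [], 0, 0
    ids = sorted(RESOURCES)
    while len(results) < limit and offset < len(ids):
        page = ids[offset:offset + page_size]
        offset += page_size
        for rid in page:
            checks += 1
            if can_access(user, rid):
                results.append(RESOURCES[rid])
                if len(results) == limit:
                    break
    return results, checks


if __name__ == "__main__":
    print(prefilter("alice", 3))
    print(postfilter("alice", 3))
    print(postfilter("bob", 5))
```

Both strategies return the same objects; the difference is cost. Postfiltering for a user with few grants checks every candidate, while prefiltering cost depends on how expensive it is to enumerate that user's grants.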