Identity and access management are crucial for database security, especially as companies grow and handle increasing amounts of data from diverse sources. Effective authorization in databases can prevent data leakage by controlling who can see or manipulate specific data, which is particularly important when dealing with confidential information. In graph databases like Memgraph, authorization involves restricting operations based on node labels or relationship types, allowing for the construction of multiple views or subgraphs defined by user privileges. To implement granular access control, Memgraph designed permissions based on corporate hierarchies, ranging from READ, which allows users to view data, to CREATE_DELETE, which grants full manipulation rights. The challenge lies in integrating these controls into the database's query execution mechanisms, such as the operator tree, to ensure that users can only access data for which they have appropriate clearance. The approach involves modifying specific operators like ScanAll and Expand to enforce read permissions, while leaving others like Filter and Produce untouched to maintain efficient query processing. The process of implementing these controls is complex but necessary to safeguard sensitive data while providing users with the access they need.