Have you looked into Local Authorization? https://www.osohq.com/docs/develop/facts/local-authorization it lets you apply authz filters to paginated search over a database, even if some of the data the authz depends on isn't stored in the database

Create, edit, and save policies to your environment in just one click with Oso’s Policy Editor! It also provides inline error messages; alerting you immediately whenever you don’t have valid policy. Read more about using our Policy Editor.