First off, thanks for your work!

I wanted to ask why in onury/accesscontrol the action also includes the possession, e.g. create:any, read:own and so on, while this package has separated action and possession? It seems that it only increases the boilerplate that we have to decorate each endpoint with.

i agree with this as well