It's only complex if you have complex requirements. If you have simple requirements, it's a snap.
Are you trying to restrict the read/write on every property in your app individually? That is complex, but is very rare.
Most properties of most apps are unrestricted - at least for read - and so require no code.
If you really do have super-granular authz requirements from your business users, then it is true that it can get complex - but that's true of any authz implementation with complex business requirements.
Can you clarify a bit as to why you expect this to become complex for you?
Copyright (c) Marimer LLC