ACL sync from external source best practices

Hi everyone,

Currently I’m trying to integrate Realm to the existing client-server app to use its sync functionality.
And what I also need to do is to ensure that users have the same access as in the existing server API.
Let’s say we store in Realm the collection of “Record” and each Record has ProjectId to which the user can have read or write access or no access at all.
So I’m wondering what is the best practices for something like that? Is custom function that will check permissions from our API or Mongo Atlas and apply corresponding roles something I’m looking for?
If it matters I use Custom JWT Auth provider.