Jul 22 2026, 10:30 - 11:00 (AEST)
When developing in-house APIs, especially to support frontend applications, role-based access control is essential. Implementing role checks manually in code is cumbersome and error-prone, which is not ideal for any security control, and it makes it difficult to tell at a glance which roles an endpoint requires. This talk demonstrates how we solved this problem at ANU with declarative annotations on the protobuf schemas for our ConnectRPC APIs, with automatic enforcement at the library level, while still exposing enough information to the developer to perform more fine-grained, data-driven authorization where required.
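The pattern the abstract describes, as an added standard-library Go sketch; it is not ANU's code and does not use the ConnectRPC API. The procedure names, the roles, the `requiredRoles` table (standing in for annotations read from the protobuf schema), the `Caller` type and the deny-by-default behaviour are all assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Stand-in for schema annotations (constructed names; any one listed role grants access).
var requiredRoles = map[string][]string{
	"/records.v1.RecordService/GetRecord": {"student", "staff"},
	"/records.v1.RecordService/SetGrade":  {"staff"},
}

var ErrDenied = errors.New("permission denied")

type Caller struct { // hypothetical identity set by the authentication layer
	ID    string
	Roles map[string]bool
}
type callerKey struct{}
type Handler func(ctx context.Context, studentID string) (string, error)

// Enforce runs the declared role check first; undeclared procedures are denied (assumption).
func Enforce(procedure string, next Handler) Handler {
	return func(ctx context.Context, studentID string) (string, error) {
		c, _ := ctx.Value(callerKey{}).(Caller)
		for _, need := range requiredRoles[procedure] {
			if c.Roles[need] {
				return next(ctx, studentID)
			}
		}
		return "", fmt.Errorf("%s: %w", procedure, ErrDenied)
	}
}

// GetRecord adds the data-driven rule: a student may read only their own record.
func GetRecord(ctx context.Context, studentID string) (string, error) {
	c, _ := ctx.Value(callerKey{}).(Caller)
	if !c.Roles["staff"] && c.ID != studentID {
		return "", ErrDenied
	}
	return "record:" + studentID, nil
}

func main() {
	c := Caller{ID: "s1", Roles: map[string]bool{"student": true}}
	ctx := context.WithValue(context.Background(), callerKey{}, c)
	fmt.Println(Enforce("/records.v1.RecordService/GetRecord", GetRecord)(ctx, "s1"))
}
```

The role gate lives in one wrapper driven by the declaration table, so the handler holds only the rule that depends on the data being requested.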
Stronger Together acknowledges the Traditional Owners of the lands where we live, learn and work. We pay our respects to Elders past and present and celebrate the stories, culture and traditions of all First Nations people.

