diff --git a/cache.go b/cache.go
index d2d09d7..35b625c 100644
--- a/cache.go
+++ b/cache.go
@@ -29,8 +29,8 @@ type UsageCache interface {
 }
 
 type PermissionCache interface {
-	GetUserPermission(ctx context.Context, projectID uint64, userID string) (*proto.UserPermission, map[string]interface{}, error)
-	SetUserPermission(ctx context.Context, projectID uint64, userID string, userPerm *proto.UserPermission, resourceAccess map[string]interface{}) error
+	GetUserPermission(ctx context.Context, projectID uint64, userID string) (*proto.UserPermission, *proto.ResourceAccess, error)
+	SetUserPermission(ctx context.Context, projectID uint64, userID string, userPerm *proto.UserPermission, resourceAccess *proto.ResourceAccess) error
 	DeleteUserPermission(ctx context.Context, projectID uint64, userID string) error
 }
 
@@ -171,11 +171,11 @@ func (s *RedisCache) SpendComputeUnits(ctx context.Context, redisKey string, amo
 }
 
 type cacheUserPermission struct {
-	UserPermission *proto.UserPermission  `json:"userPerm"`
-	ResourceAccess map[string]interface{} `json:"resourceAccess"`
+	UserPermission *proto.UserPermission `json:"userPerm"`
+	ResourceAccess *proto.ResourceAccess `json:"resourceAccess"`
 }
 
-func (s *RedisCache) GetUserPermission(ctx context.Context, projectID uint64, userID string) (*proto.UserPermission, map[string]interface{}, error) {
+func (s *RedisCache) GetUserPermission(ctx context.Context, projectID uint64, userID string) (*proto.UserPermission, *proto.ResourceAccess, error) {
 	cacheKey := fmt.Sprintf("%s%s", redisKeyPrefix, getUserPermKey(projectID, userID))
 	raw, err := s.client.Get(ctx, cacheKey).Bytes()
 	if err != nil {
@@ -191,7 +191,7 @@ func (s *RedisCache) GetUserPermission(ctx context.Context, projectID uint64, us
 	return v.UserPermission, v.ResourceAccess, nil
 }
 
-func (s *RedisCache) SetUserPermission(ctx context.Context, projectID uint64, userID string, userPerm *proto.UserPermission, resourceAccess map[string]interface{}) error {
+func (s *RedisCache) SetUserPermission(ctx context.Context, projectID uint64, userID string, userPerm *proto.UserPermission, resourceAccess *proto.ResourceAccess) error {
 	v := cacheUserPermission{
 		UserPermission: userPerm,
 		ResourceAccess: resourceAccess,
diff --git a/client.go b/client.go
index fbfa5c6..78575b9 100644
--- a/client.go
+++ b/client.go
@@ -139,9 +139,9 @@ func (c *Client) FetchUsage(ctx context.Context, quota *proto.AccessQuota, now t
 	return 0, proto.ErrTimeout
 }
 
-func (c *Client) FetchUserPermission(ctx context.Context, projectID uint64, userID string, useCache bool) (*proto.UserPermission, map[string]any, error) {
+func (c *Client) FetchUserPermission(ctx context.Context, projectID uint64, userID string, useCache bool) (*proto.UserPermission, *proto.ResourceAccess, error) {
 	var userPerm *proto.UserPermission
-	var resourceAccess map[string]interface{}
+	var resourceAccess *proto.ResourceAccess
 	var err error
 
 	// Check short-lived cache if requested. Note, the cache ttl is 10 seconds.
diff --git a/middleware/access.go b/middleware/access.go
index ab5fa1e..b60a83b 100644
--- a/middleware/access.go
+++ b/middleware/access.go
@@ -21,7 +21,7 @@ type Client interface {
 	IsEnabled() bool
 	FetchKeyQuota(ctx context.Context, accessKey, origin string, now time.Time) (*proto.AccessQuota, error)
 	FetchUsage(ctx context.Context, quota *proto.AccessQuota, now time.Time) (int64, error)
-	FetchUserPermission(ctx context.Context, projectID uint64, userID string, useCache bool) (*proto.UserPermission, map[string]any, error)
+	FetchUserPermission(ctx context.Context, projectID uint64, userID string, useCache bool) (*proto.UserPermission, *proto.ResourceAccess, error)
 	SpendQuota(ctx context.Context, quota *proto.AccessQuota, computeUnits int64, now time.Time) (bool, error)
 }
 
diff --git a/proto/clients/quotacontrol.gen.ts b/proto/clients/quotacontrol.gen.ts
index e5c2471..c784837 100644
--- a/proto/clients/quotacontrol.gen.ts
+++ b/proto/clients/quotacontrol.gen.ts
@@ -1,5 +1,5 @@
 /* eslint-disable */
-// quota-control v0.1.0 a6f31d32edbb0b3c3050fa4881591aa56fa39f9a
+// quota-control v0.1.0 2a3106e864c588edf77ad9ac94cb91dad9fd127d
 // --
 // Code generated by webrpc-gen@v0.13.0-dev with typescript@v0.12.0 generator. DO NOT EDIT.
 //
@@ -12,7 +12,7 @@ export const WebRPCVersion = "v1"
 export const WebRPCSchemaVersion = "v0.1.0"
 
 // Schema hash generated from your RIDL schema
-export const WebRPCSchemaHash = "a6f31d32edbb0b3c3050fa4881591aa56fa39f9a"
+export const WebRPCSchemaHash = "2a3106e864c588edf77ad9ac94cb91dad9fd127d"
 
 //
 // Types
@@ -85,6 +85,20 @@ export interface ProjectStatus {
   ratelimitCounter: number
 }
 
+export interface Subscription {
+  Tier: string
+}
+
+export interface Minter {
+  Contracts: Array<string>
+}
+
+export interface ResourceAccess {
+  projectId: number
+  subscription: Subscription
+  minter: Minter
+}
+
 export interface QuotaControl {
   getProjectStatus(args: GetProjectStatusArgs, headers?: object, signal?: AbortSignal): Promise<GetProjectStatusReturn>
   getAccessKey(args: GetAccessKeyArgs, headers?: object, signal?: AbortSignal): Promise<GetAccessKeyReturn>
@@ -283,7 +297,7 @@ export interface GetUserPermissionArgs {
 
 export interface GetUserPermissionReturn {
   permission: UserPermission
-  resourceAccess: {[key: string]: any}  
+  resourceAccess: ResourceAccess  
 }
 
 
@@ -592,7 +606,7 @@ export class QuotaControl implements QuotaControl {
       return buildResponse(res).then(_data => {
         return {
           permission: <UserPermission>(_data.permission),
-          resourceAccess: <{[key: string]: any}>(_data.resourceAccess),
+          resourceAccess: <ResourceAccess>(_data.resourceAccess),
         }
       })
     }, (error) => {
diff --git a/proto/proto.gen.go b/proto/proto.gen.go
index bee0f76..bd87e30 100644
--- a/proto/proto.gen.go
+++ b/proto/proto.gen.go
@@ -1,4 +1,4 @@
-// quota-control v0.1.0 a6f31d32edbb0b3c3050fa4881591aa56fa39f9a
+// quota-control v0.1.0 2a3106e864c588edf77ad9ac94cb91dad9fd127d
 // --
 // Code generated by webrpc-gen@v0.13.0-dev with golang@v0.13.7 generator. DO NOT EDIT.
 //
@@ -30,7 +30,7 @@ func WebRPCSchemaVersion() string {
 
 // Schema hash generated from your RIDL schema
 func WebRPCSchemaHash() string {
-	return "a6f31d32edbb0b3c3050fa4881591aa56fa39f9a"
+	return "2a3106e864c588edf77ad9ac94cb91dad9fd127d"
 }
 
 //
@@ -228,6 +228,20 @@ type ProjectStatus struct {
 	RatelimitCounter int64  `json:"ratelimitCounter"`
 }
 
+type Subscription struct {
+	Tier string `json:"tier"`
+}
+
+type Minter struct {
+	Contracts []string `json:"contracts"`
+}
+
+type ResourceAccess struct {
+	ProjectID    uint64        `json:"projectId"`
+	Subscription *Subscription `json:"subscription"`
+	Minter       *Minter       `json:"minter"`
+}
+
 type QuotaControl interface {
 	GetProjectStatus(ctx context.Context, projectId uint64) (*ProjectStatus, error)
 	GetAccessKey(ctx context.Context, accessKey string) (*AccessKey, error)
@@ -249,7 +263,7 @@ type QuotaControl interface {
 	UpdateProjectUsage(ctx context.Context, service *Service, now time.Time, usage map[uint64]*AccessUsage) (map[uint64]bool, error)
 	UpdateKeyUsage(ctx context.Context, service *Service, now time.Time, usage map[string]*AccessUsage) (map[string]bool, error)
 	UpdateUsage(ctx context.Context, service *Service, now time.Time, usage map[string]*AccessUsage) (map[string]bool, error)
-	GetUserPermission(ctx context.Context, projectId uint64, userId string) (*UserPermission, map[string]interface{}, error)
+	GetUserPermission(ctx context.Context, projectId uint64, userId string) (*UserPermission, *ResourceAccess, error)
 }
 
 var WebRPCServices = map[string][]string{
@@ -1301,8 +1315,8 @@ func (s *quotaControlServer) serveGetUserPermissionJSON(ctx context.Context, w h
 	}
 
 	respPayload := struct {
-		Ret0 *UserPermission        `json:"permission"`
-		Ret1 map[string]interface{} `json:"resourceAccess"`
+		Ret0 *UserPermission `json:"permission"`
+		Ret1 *ResourceAccess `json:"resourceAccess"`
 	}{ret0, ret1}
 	respBody, err := json.Marshal(respPayload)
 	if err != nil {
@@ -1648,14 +1662,14 @@ func (c *quotaControlClient) UpdateUsage(ctx context.Context, service *Service,
 	return out.Ret0, err
 }
 
-func (c *quotaControlClient) GetUserPermission(ctx context.Context, projectId uint64, userId string) (*UserPermission, map[string]interface{}, error) {
+func (c *quotaControlClient) GetUserPermission(ctx context.Context, projectId uint64, userId string) (*UserPermission, *ResourceAccess, error) {
 	in := struct {
 		Arg0 uint64 `json:"projectId"`
 		Arg1 string `json:"userId"`
 	}{projectId, userId}
 	out := struct {
-		Ret0 *UserPermission        `json:"permission"`
-		Ret1 map[string]interface{} `json:"resourceAccess"`
+		Ret0 *UserPermission `json:"permission"`
+		Ret1 *ResourceAccess `json:"resourceAccess"`
 	}{}
 
 	err := doJSONRequest(ctx, c.client, c.urls[20], in, &out)
diff --git a/proto/proto.ridl b/proto/proto.ridl
index 92d5a2d..ccb93cf 100644
--- a/proto/proto.ridl
+++ b/proto/proto.ridl
@@ -77,6 +77,20 @@ struct ProjectStatus
   - usageCounter: int64
   - ratelimitCounter: int64
 
+struct Subscription
+  - Tier: string
+    + go.tag.json = tier
+
+struct Minter
+  - Contracts: []string
+    + go.tag.json = contracts
+
+struct ResourceAccess
+  - projectId: uint64
+    + go.field.name = ProjectID
+  - subscription: Subscription
+  - minter: Minter
+
 error 1001 Timeout            "Request timed out" HTTP 408
 error 1002 LimitExceeded      "Request limit exceeded" HTTP 429
 error 1003 InvalidOrigin      "Invalid origin" HTTP 403
@@ -116,4 +130,4 @@ service QuotaControl
   - UpdateUsage(service: Service, now: timestamp, usage: map<string,AccessUsage>) => (ok: map<string,bool>)
 
   # User permissions for a projectId
-  - GetUserPermission(projectId: uint64, userId: string) => (permission: UserPermission, resourceAccess: map<string,any>)
+  - GetUserPermission(projectId: uint64, userId: string) => (permission: UserPermission, resourceAccess: ResourceAccess)
diff --git a/quotacontrol.go b/quotacontrol.go
index 0333c2b..4589efe 100644
--- a/quotacontrol.go
+++ b/quotacontrol.go
@@ -34,7 +34,7 @@ type CycleStore interface {
 }
 
 type PermissionStore interface {
-	GetUserPermission(ctx context.Context, projectID uint64, userID string) (*proto.UserPermission, map[string]interface{}, error)
+	GetUserPermission(ctx context.Context, projectID uint64, userID string) (*proto.UserPermission, *proto.ResourceAccess, error)
 }
 
 type Cache struct {
@@ -445,7 +445,7 @@ func (q qcHandler) DisableAccessKey(ctx context.Context, accessKey string) (bool
 	return true, nil
 }
 
-func (q qcHandler) GetUserPermission(ctx context.Context, projectID uint64, userID string) (*proto.UserPermission, map[string]interface{}, error) {
+func (q qcHandler) GetUserPermission(ctx context.Context, projectID uint64, userID string) (*proto.UserPermission, *proto.ResourceAccess, error) {
 	perm, access, err := q.store.PermissionStore.GetUserPermission(ctx, projectID, userID)
 	if err != nil {
 		return perm, access, proto.ErrUnauthorizedUser
diff --git a/util.go b/util.go
index 6deaf93..c765fcf 100644
--- a/util.go
+++ b/util.go
@@ -16,6 +16,8 @@ const (
 	UserPermission_ADMIN        = proto.UserPermission_ADMIN
 )
 
+type ResourceAccess = proto.ResourceAccess
+
 type DefaultCycleStore struct{}
 
 func (s DefaultCycleStore) GetAccessCycle(ctx context.Context, projectID uint64, now time.Time) (*proto.Cycle, error) {