Access Tokens or alternatives with microservices for determining User Access to Database resources

Hi I have following structure :

Client App (layer 1) Business logic Services ( Layer 2)

Business Logic layer consists of many microservices . Access token can be created and passed from APP layer to business logic layer. Business logic layer could validate the access token and allow access to required operations.

But Scenario is : user A logged in can access Resource 1 but not Resource 2 ( here resource means Individual records in database ) . How would I manage this situation ? These checks to resource is quite expensive and ideally would require to be done once.

However, Should each of my business layer microservices cross check always if user can access resource ? Or Should there be a separate access token created when user tries to open each resource and pass to business logic layer so that it can trust and allow?