Which user's jwt token belongs to, how can only data belonging to that user's be retrieved?

Hi

This is a good starting point for Data Ownership problem; however, my question is, can the policy be applied to GraphQL quires and mutations? I have asked this on the forum and haven’t gotten a reply yet.