diff --git a/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/DependencyInjection/GalaxyRepositoryServiceCollectionExtensions.cs b/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/DependencyInjection/GalaxyRepositoryServiceCollectionExtensions.cs
index 38596c9..9bc484b 100644
--- a/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/DependencyInjection/GalaxyRepositoryServiceCollectionExtensions.cs
+++ b/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/DependencyInjection/GalaxyRepositoryServiceCollectionExtensions.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 using ZB.MOM.WW.GalaxyRepository.Grpc;
 
@@ -52,6 +53,9 @@ public static class GalaxyRepositoryServiceCollectionExtensions
         services.AddSingleton<IGalaxyHierarchyCache, GalaxyHierarchyCache>();
         services.AddHostedService<GalaxyHierarchyRefreshService>();
 
+        // Allow the hosting gateway to override with its own scoped implementation.
+        services.TryAddSingleton<IGalaxyBrowseScopeProvider, NullGalaxyBrowseScopeProvider>();
+
         return services;
     }
 
diff --git a/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/Grpc/IGalaxyBrowseScopeProvider.cs b/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/Grpc/IGalaxyBrowseScopeProvider.cs
new file mode 100644
index 0000000..fab290c
--- /dev/null
+++ b/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/Grpc/IGalaxyBrowseScopeProvider.cs
@@ -0,0 +1,20 @@
+using Grpc.Core;
+
+namespace ZB.MOM.WW.GalaxyRepository.Grpc;
+
+/// <summary>
+///     Resolves the browse-subtree glob patterns the current caller is allowed to see.
+///     Lets a hosting gateway scope <see cref="GalaxyRepositoryGrpcService"/> results per
+///     identity without the library knowing the host's authorization model. The default
+///     <see cref="NullGalaxyBrowseScopeProvider"/> applies no scoping (full hierarchy).
+/// </summary>
+public interface IGalaxyBrowseScopeProvider
+{
+    /// <summary>
+    ///     Returns the allowed browse-subtree globs for the current call, or
+    ///     <see langword="null"/>/empty for no restriction (full hierarchy).
+    /// </summary>
+    /// <param name="context">The gRPC server call context for the current request.</param>
+    /// <returns>The allowed browse-subtree globs, or <see langword="null"/> for no restriction.</returns>
+    IReadOnlyList<string>? ResolveBrowseSubtrees(ServerCallContext context);
+}
diff --git a/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/Grpc/NullGalaxyBrowseScopeProvider.cs b/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/Grpc/NullGalaxyBrowseScopeProvider.cs
new file mode 100644
index 0000000..0339909
--- /dev/null
+++ b/ZB.MOM.WW.GalaxyRepository/src/ZB.MOM.WW.GalaxyRepository/Grpc/NullGalaxyBrowseScopeProvider.cs
@@ -0,0 +1,10 @@
+using Grpc.Core;
+
+namespace ZB.MOM.WW.GalaxyRepository.Grpc;
+
+/// <summary>Default <see cref="IGalaxyBrowseScopeProvider"/> that applies no scoping (full hierarchy).</summary>
+public sealed class NullGalaxyBrowseScopeProvider : IGalaxyBrowseScopeProvider
+{
+    /// <inheritdoc />
+    public IReadOnlyList<string>? ResolveBrowseSubtrees(ServerCallContext context) => null;
+}