Well if the authorization check was made against values in the database, then you might include this in your GetDBCount() as a filter to only return the total number of entities qualified to be seen by the user, which you should use to count the number of pages needed.
Then again you may use the same filter in the fetch method.
But if the check was on some system parameter not in the database, then you might fetch a collection just to determine the authorized PKs of the entities to fetched in a second fetch. (And you might execlude most the fields in your first guiding fetch).
Then you should use the list of PKs accessible to the user in your other paging fetches.
Also using this technique you wount need to call GetDBCount() to know the total number of items as you can use the Count of the first fetched guiding Collection.