it is a possibility, certainly, but fails to leverage the power of the schema language and the safety of explicitly defining your authorization logic through it. You capture the intent of the business domain in the schema, and with such approach the inheritance is no longer explicit - you'd need to look at the data to understand what's happening. Were that to change after requirements, you'd be forced to run a data migration, which is significantly more expensive, risky and time consuming than a schema update.