Our regular users have access to their own resources only + objects shared with them. So a a few dozen out of a ~5,000 Admins of various levels have access to different groups of resources. So some larger percentage of that total ~5,000 We also have event logs. At present we only allow admins who can read all of them to see any of them, because it's expensive to filter those down with policies. We have hundreds of thousands of items in that table. TBD if we moved to spicedb if I'd include those, rather than our current custom implementation for handling that table.