And for a question on modelling permissions: does it make sense to model guest permissions through this kind of system too, and if so, what's the best approach? I suppose more generically, this is a question of "how does it make sense to model global permissions" – in our case we do recruitment software, so the guest user might be a job applicant, who naturally should have the permission to submit an application