Yeah, there are some scenarios where it makes sense to only have relationships in authzed. You can avoid having any FKs in your db and treat those objects as "flat". It's not for everything, but it's quite flexible because you can change the authzed schema and never touch your app code or db. Pushing more stuff into authzed starts to make more sense once you have multiple apps where they both want to check the same permissions (eg microservices or support tooling for your monolith). For example, if you don't need any metadata, "groups" of users can often be purely done in authzed with nothing in the app db.