Thanks, my thinking was the same regarding the ordering. Probably going to continue using the rollback just because it's the lesser risk (in case the code is not properly checking). 'in the few instances where the data is duplicated' interesting you say that because the way I'm thinking about it, it should always be "duplicated" data, right? Or do you mean something else? I think of the Authzed db as a redundant data structure, similar to a db index, where the data required for authorization is still kept in the application db. Are there any scenarios where you'd update Authzed but not the application db?