thank you for the reply @yetitwo Database schema is good way to put it.

WriteSchema

wouldn't be called by any users, but by an internal tool that would adjust it according to the APIs declared. (so, code generation) Perhaps for the example above, the more I think about, the more I am convinced that Option 1 is a unnecessary hassle for little gains (if any) But as a general rule, what about "authorisation as a service" in a way that a service is responsible for declaring its portion of the schema to be consumed by anyone, would that be an anti-pattern according to you? (I am trying not to have the whole company commiting into one repo)