we have most all of our user / org data in mongo. so what we've been trying to do is use mongo records for end user CRUD data and translate that into spicedb relations. Then applications do the checks internally. It makes it easier for end users to interact with data that is a bit more user friendly, and it also gives us a layer of anit-corruption where, if we really had to we could use our mongo docs to rebuild the permissions database.