Warning from Yatish Mehta: using FGA effectively duplicates many-to-many/foreign-key relationships from your domain models into a normalized tuple store. Application code must update tuples on every create/update/delete of a tracked relationship (e.g. after_commit hooks). Inside a monolith this can be kept in a single transaction; with authorization-as-a-service it must be synced across systems. Track only the relationships that matter for authorization.