The thing that sometimes makes it a bit of a pain is that you have to be careful about two things. First, some policies are per computer, which is easy enough, and some are per user, which is a bit harder (use wildcards and map back to the users table). Second, the simple examples are good for understanding how it works, but in reality you should also query for the existence of a key and fail on the lack of it.
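An added illustration of both points (not part of the original text), assuming the context is osquery-style `registry` and `users` tables on Windows. The tables are simulated in SQLite with constructed rows, and the policy key, the `Enabled` value name and the SIDs are hypothetical.

```python
import sqlite3

# Hypothetical per-user policy key, used only for this illustration.
POLICY = r"Software\Policies\Example\ScreenLock"

def build_db():
    """In-memory stand-in for osquery-style tables, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, uuid TEXT)")  # uuid holds the SID
    db.execute("CREATE TABLE registry (key TEXT, name TEXT, data TEXT)")
    users = [("alice", "S-1-5-21-1-1001"), ("bob", "S-1-5-21-1-1002"),
             ("carol", "S-1-5-21-1-1003")]
    db.executemany("INSERT INTO users VALUES (?, ?)", users)
    # alice is compliant, bob has the wrong value, carol has no key at all.
    for sid, value in [("S-1-5-21-1-1001", "1"), ("S-1-5-21-1-1002", "0")]:
        db.execute("INSERT INTO registry VALUES (?, 'Enabled', ?)",
                   ("HKEY_USERS\\" + sid + "\\" + POLICY, value))
    return db

# Value-only check: wildcard over every user hive, mapped back to a username.
NAIVE = r"""
SELECT u.username FROM registry r
JOIN users u ON r.key = 'HKEY_USERS\' || u.uuid || '\' || :policy
WHERE r.key LIKE 'HKEY_USERS\%\' || :policy
  AND r.name = 'Enabled' AND r.data <> '1'
ORDER BY u.username"""

# Existence-aware check: start from users so a missing key is itself a failure.
STRICT = r"""
SELECT u.username,
       CASE WHEN r.key IS NULL THEN 'missing' ELSE 'wrong value' END AS reason
FROM users u
LEFT JOIN registry r
  ON r.key = 'HKEY_USERS\' || u.uuid || '\' || :policy AND r.name = 'Enabled'
WHERE r.key IS NULL OR r.data <> '1'
ORDER BY u.username"""

def naive_failures(db):
    return [row[0] for row in db.execute(NAIVE, {"policy": POLICY})]

def strict_failures(db):
    return db.execute(STRICT, {"policy": POLICY}).fetchall()

if __name__ == "__main__":
    db = build_db()
    print("value-only:", naive_failures(db))
    print("existence-aware:", strict_failures(db))
```

The value-only query never reports carol, because a user with no key produces no row to compare; the `LEFT JOIN` from `users` turns that absence into an explicit failure.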