But do remember that the account permission is heirarchical so if you know that a person will need access to a bunch of accounts try to design the model so it will allow you to move that person up a level hence grant access to multiple accounts in a single dAccounts= statement.
Also try to simplify access to information that is actually public in nature. Don't use it just to segregate content by say a department. Use a seperate metadata Element to designate the organization.
Much of what most organizations have is actually public internally, or should be unless there is a compelling legal reason for it to be secret. So create a high level group like /Public that everyone has read access to and then creat sub accounts that their department can write to like Public/HR.
But also remember that accounts is like a 30 character field so keep you design compact unless you intend to change the datatype.