Thanks @Petra Korinne Frikowski
by using OPA to automatically validate we deemed as "low risk", stuff like pubsubs, modifications to service accounts and roles (This is a GCP environment)
We found that these low risk requests accounted for roughly 40% of the request changes we had to vet. So we had them run through OPA, OPA matches to the low risk, and automatically approves them
empowering each tenant to make changes with confidence that OPA won't let them step on someone else's space