To work with lots of users and bags in TiddlyWeb you need to understand bags, policies, users and user roles.
The fundamental concern in this situation is creating a structure that is easy to understand and easy to maintain. While the first thought might be to create bag policies that list lots of users, this is not ideal. Adding a username in potentially many policies is cumbersome, prone to error and the policy files may become large enough that they are expensive to process.
A better solution is to use roles. Role names are put in policy statements. When users are created, they are given the required roles. In the future when a user's level of access changes, they simply need to have their roles changed or their account deleted: there's no need to go digging around in policies.
See also: * How do I add a user? * How do I give a user a role? * How do I set or edit a bag policy?