I've found a problem with both the Grant and Delete permissions for a list item workflow step. Here is the scenario:
A document library with several hundred documents. Each document has 2 metadata person fields, 1 for the person who uploads and another for their supervisor (entered by the creator). Then a workflow runs that removes the SharePoint group for all authenticated
users and adds contribute permission for the 2 users in the metadata.
Each time the workflow runs, at least one more "limited access" user is added, until there are several hundred. When you get to around 200 or more of these, the grant and delete permission workflows start to bog down because they have a function that
removes all limited access users. In our case, it created a backlog of requests into the SQL server that resulted in a 100% CPU utilization on the font-end web server.
Would there be a problem with just leaving the limited access permissions on the item (aside from being harder to quickly tell who does have access when looking at the permissions page for that item)? Those limited access entries don't grant any real access
to the item, as far as I know.