Yes, that's exactly what I'm trying to do. One way to answer the question "which documents belonging to organization

xyz

is user

123

allowed to view?" My use case is very similar to the issue mentioned, an organization can have subgroups with resources that can be shared, so a user can have access to several resources from different organizations.