a few options here: (1) you could use a caveat that checks the time spans alongside a time stored on the relationship to time box it (2) you could have the user added directly to each document when they are a participant, such that a direct relationship exists and make the permission rely on that. That way, they are only granted to documents while they are part of the case