we are trying to model teams+roles+organization and achieve a permission checks based on it which allow us to answer following things: If member:a as an admin of a team:1 can issue a card for member:b (who is member of team 1) and no one else outside the team if member:b as a member of role:X can issue a card for member:b (across entire organization members) Following is the schema we have prepared....we would like someone to take a look at it and suggest if there is a better way(s)