You'd normally define something like that permission on the company/org itself rather than the entity that's being checked e.g.

hs
definition user {}
definition organization {
  relation reader: user
  relation admin: user
  permission can_read_all_docs = reader + admin
}
definition doc {
  relation org: organization
  relation reader: user
  permission can_read = reader + org->can_read_all_docs // org-wide listers can also view all
}