zed permission check org:ten1_org1 member user:ten1_u1 --caveat-context {"current_org":"ten1_org1"}