Yeah I think that'll work based on my initial modeling with your example. I'm trying to understand your comment better though > you'll need to redefine the object_type per tenant to avoid having a user match by having the permission boundary in a different tenant Thinking about that comment..