Yeah I think that'll work based on my initial modeling with your example. I'm trying to understand your comment better though
> you'll need to redefine the object_type per tenant to avoid having a user match by having the permission boundary in a different tenant
Thinking about that comment..