I am currently in the process of adding another layer of permissioning to our application – where it was previously handled by persona only, we are now allowing for company filtering too. So as an ‘End-User’ from ‘Company A’, I should only have access to the documents that are configured for that persona and company.