I’ve aske a similar question in the past: How to data privacy with 2nd degree database thing?
But things seem to just have gotten more complicated:
We have a ticket system, with attachements in a separate data table linked to the ticket. We also have ticket shares in a separate table that define the relationship between a ticket guest and a ticket.
The attachment is private by default. We want to set a privacy rule to allow the guest user to see the file. However, the privacy setting won’t allow us to “do a search for” ticket share’s users. So ticket guests cannot see the attachment.
How can we solve this? (And I am hoping the answer is not to copy the guest users into the attachment database object, because that would be an ugly way to go about it 
—hoping for wizardry)