Privacy settings for fields that are things in a data model

Hello,

Imagine this scenario: I have a thing called “Organization”. It has a list of users.

Screen Shot 2016-09-06 at 14.30.57.png763×357 18.3 KB

Now, I want to create privacy rules so that a user is only able to see users that are members of the same organization.

Screen Shot 2016-09-06 at 14.32.48.png798×283 15.2 KB

I cannot do a search here. I can only access the User object and the current user.

As far as I can see, I have to “flip” the data model, so that a User has the field “Organization”:

Screen Shot 2016-09-06 at 14.35.04.png782×437 23 KB

That would allow me to do this:

Screen Shot 2016-09-06 at 14.34.47.png788×285 18.9 KB

It does not seem really intuitive to me. Every time I want to access the users of an organization, I have to do a search. Wouldn’t that be slower than just listing the users from a field on the organization?

Similarly, I have a thing of ‘Invoice’ which has a field of ‘Project’. Project has a user field of ‘Manager’.

In the privacy settings I can set:

This Invoice’s Project’s Manager is Current User

But in reality this doesn’t work. It returns no Invoices. Assuming each Invoice has a Project and each Project has a Manager, should this second level condition work in general?