Multi Tenant - Anybody actually done this in Appwrite?

Hey guys, a few weeks ago I attempted to get a thread going on reaching a decision on how to do multi-tenant with Appwrite.

As I reflect on this my self, I lean more and more toward Hasura, because it has a concept of "default values applied during insert, update". This means, a user can not specify persmissions, which I am strongly in favour of.

Here's why.

Let's say I am the boss of the company, and I create a team, and we have document level security. Collection permissions don't work anyway, because we have multiple teams storing world-famous TODO items, and a team should only see their own.

So, when a user creates a document, I don't want my team setting permissions that might lead to items being shared with others outside of the team. My current understanding of "the creator/owner of the document" can set permissions, just goes against all the security principles I need. Have I misunderstood this?

An alternative which I don't think would be unreasonable, but again, with Hasura needs no additional effort, is to have functions that can set the document permissions based on the creator's team membership, and this would only need to be done for CREATE and UPDATE. In such a function(s) we would just assign the document permission as the person's team. This seems acceptable to me.

Very keen to get insights from Appwriters that have jumped through these hoops.

Thanks all for taking time to read!