The data a user can access should be limited to data from that user's organizational assignment, plus all data in the 'public' organization.
The data a user can access should be limited to data from that user's organizational assignment, plus all data in the 'public' organization.