Entity Permission configuration for complex scenarios

Hi Guys,

One more post on Entity Permission configuration for complex scenarios.

The topic is how to control portal data access based on multiple account records.
Sometimes we are asked to prove portal data security from multiple angles. The portal configuration comes with only a handful of entities for defining the security architecture, so it is easy to feel clueless when dealing with complex data security requirements.
For example, the logged-in portal user is part of multiple account records, and we are supposed to show records of a third entity that are associated with all the account records the logged-in user is part of.

Example: We have a few account records named as follows:
• Account-UK
  o Has portal users associated with this client, like
    ▪ Portal User-UK
    ▪ Portal User-Australia
    ▪ Portal User-India
• Account-India
  o Has portal users associated with this client, like
    ▪ Portal User-UK
    ▪ Portal User-US
    ▪ Portal User-India
• Account-Australia
  o Has portal users associated with this client, like
    ▪ Portal User-Australia
    ▪ Portal User-India
• Account-US
  o Has portal users associated with this client, like
    ▪ Portal User-UK
    ▪ Portal User-US
• And so on

Now suppose we have 1 custom entity, or cases, with a lookup to the account entity as client/customer.
The scenario is: if Portal User-UK logs in to the portal, he should see all cases whose account lookup value is one of Account-UK, Account-India, Account-US.
Similarly, if Portal User-India logs in to the portal, he should only see cases whose account lookup value is one of Account-UK, Account-India, Account-Australia.
Big question: how should we deal with such cases? Every company has many intelligent folks on its teams who might have a better idea than anyone could think of, but here is my bit:
Make use of the CONNECTION entity between CONTACT and ACCOUNT.
Once connections are established, go to Portal > Entity Permission > Create and create 3 new entity permissions like:
1. Entity Permission on connection with scope as contact, named Connections-Contact

2. Create 1 child permission under the connection Entity Permission

3. Create 1 more child permission under the Accounts with Connections Entity Permission

Once the entity permissions are configured, navigate to the respective web role and add the 1st entity permission, i.e. Connections-Contact, and we are done.

Once you log in to the portal with the right web role, you will see cases associated with all accounts the logged-in user is part of.
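To check that the configured chain exposes exactly the intended cases and nothing more, the following added example (not code from the original post and not Dynamics 365 code) models the three permission levels in plain Python using the post's sample accounts. It assumes the child permissions resolve connection to account and account to case; the case numbers, `Portal User-Nobody` and all function names are constructed for illustration.

```python
# Simplified model of the permission chain from the post; not Dynamics 365 code.
# Connection records (account -> connected contacts), taken from the post's example.
CONNECTIONS = {
    "Account-UK": {"Portal User-UK", "Portal User-Australia", "Portal User-India"},
    "Account-India": {"Portal User-UK", "Portal User-US", "Portal User-India"},
    "Account-Australia": {"Portal User-Australia", "Portal User-India"},
    "Account-US": {"Portal User-UK", "Portal User-US"},
}
# Constructed sample cases: case number -> account lookup value.
CASES = {
    "CASE-001": "Account-UK",
    "CASE-002": "Account-India",
    "CASE-003": "Account-Australia",
    "CASE-004": "Account-US",
    "CASE-005": None,  # case with an empty account lookup
}

def visible_accounts(contact):
    """Levels 1 and 2: connections of the contact, then accounts on those connections."""
    return {acct for acct, members in CONNECTIONS.items() if contact in members}

def visible_cases(contact, role_has_root_permission=True):
    """Level 3: cases whose account lookup is one of the reachable accounts."""
    if not role_has_root_permission:  # web role lacks Connections-Contact
        return set()
    accounts = visible_accounts(contact)
    return {case for case, acct in CASES.items() if acct in accounts}

def audit(expected):
    """Compare expected visibility with the model; return (contact, leaked, missing)."""
    findings = []
    for contact, want in expected.items():
        got = visible_cases(contact)
        if got != want:
            findings.append((contact, sorted(got - want), sorted(want - got)))
    return findings

if __name__ == "__main__":
    for user in ("Portal User-UK", "Portal User-India", "Portal User-Nobody"):
        print(user, sorted(visible_cases(user)))
```

The same expected-visibility table can be used as a manual test plan on the real portal: log in as each contact and confirm that the case list matches, including the contacts that should see nothing.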
