Architecture to use dynamic document read permission

We need to enable our customers to access our Kibana to create sales reports; however, the sale documents they can read can change over time.
Each customer would have their own user in Kibana and a sale document can be read by many customers.

What should be the database architecture to make this work?

Initially I was thinking of creating a role with document-level permission with a query that uses the logged-in user ID to filter the documents.
Is this a good approach? Is there a better one?

How do you determine which documents are readable by which users?
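
The approach described in the question, sketched as an added example that is not part of the original thread: one shared role whose document-level security query is templated on the authenticated username, with the readable-by relation stored on each sale document. The index name `sales`, the field `allowed_customers` and the helper functions are assumptions; `ROLE_BODY` is the kind of body sent to the Elasticsearch create-role API, and the rest is a local simulation over constructed documents.

```python
import json

# Assumed names (not from the thread): index "sales", field "allowed_customers".
ROLE_BODY = {
    "indices": [{
        "names": ["sales"],
        "privileges": ["read"],
        # Templated DLS query: the authenticated user's name is substituted
        # at search time, so a single role can serve every customer.
        "query": {"template": {"source": {
            "term": {"allowed_customers": "{{_user.username}}"}
        }}},
    }]
}

def render_query(role_body, username):
    """Local stand-in for the template step, handling {{_user.username}} only."""
    source = role_body["indices"][0]["query"]["template"]["source"]
    # JSON-escape the name so quotes in it cannot change the query structure.
    escaped = json.dumps(username)[1:-1]
    return json.loads(json.dumps(source).replace("{{_user.username}}", escaped))

def visible_docs(docs, query):
    """Apply one term filter the way it matches a keyword array field."""
    field, value = next(iter(query["term"].items()))
    return [d["id"] for d in docs if value in d.get(field, [])]

def grant(doc, username):
    """Changing access is a document update; the role itself never changes."""
    readers = doc.setdefault("allowed_customers", [])
    if username not in readers:
        readers.append(username)

# Constructed sample documents: each sale lists the usernames allowed to read it.
SALES = [
    {"id": "s1", "allowed_customers": ["acme", "globex"]},
    {"id": "s2", "allowed_customers": ["globex"]},
    {"id": "s3"},  # no ACL field: matches nobody, so it stays hidden
]

if __name__ == "__main__":
    for user in ("acme", "globex", "initech"):
        print(user, visible_docs(SALES, render_query(ROLE_BODY, user)))
```

A document without the ACL field matches no user, so this layout fails closed when a sale has not been assigned readers yet.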