So, I know XPACK security can do document level security (IE, only allow users to interact with or see documents that match query X), and field level security (IE, only allow users to interact with or see specific fields in a record), and theoretically these could be combined (only allow users to see specific fields in specific records that match query X).
Does XPACK support any conditionally based object access, like, I have a nested mapping storing comment objects, and I want people on the sales team to only see comments from other people on the sales team?
Or is the approach to this problem to create a join field and apply document level security constraints to the child "comment" documents?