[Flow] Entity security

[Falk]

Hi guys,

I've a model User (based on AbstractParty) which has a relation to a model Contractor. Now I want to implement that users with a defined role (manager) can create other users. The manager user should only get access to this contractors which he is self related to. 

So I want to solve this via Policy.yaml and entity security and I don't know exactly what I've to do because the flow docs are not to extensive at the topic "Content security". 

Must I extend the model Contractor with a porperty party which hold the associated parties or exists a better solution?

Thanks Falk