LDAP group mapping for users across multiple orgs

Hello, I’m attempting to perform what I thought would be an easy task. Simplified my desire is as follows:

Group1 are grafana administrators
Group2 are editors of graphs in Org1
Group3 are editors of graphs in Org2

All groups are able to view graphs from both Org1 and Org2

I’m currently using Grafana 4.2. I’ve attempted refactoring my group information multiple times, however I never seem to reach a solution that works for me. Has anyone been able to perform a similar function? If so, would you mind sharing what’s worked for you?
In many cases I am able to get everyone able to view dashboards in all orgs, however I’ve had limited success meeting the other requirements.

As background information: My desire to utilize multiple orgs is being driven by separation of duties within the business.
Users are responsible for graphs within their domain. It has additionally been mandated that no one else has the ability to modify them.
Orgs appear to be the only way I’m able to maintain this level of control. If there is a better way to resolve this situation I’m also open to other suggestions.

Thank you,

Going back and doing an additional search yielded this topic which appears to be related.

You can potentially solve this problem with Orgs for now, but in many situations Orgs are not ideal. The current implementation of Orgs is more about having complete isolated “instances” of Grafana, rather than access control.

As you correctly point out, we are working on Dashboard Folders and also expanding the capabilities of user/role access control.