Dear Sankaran,
I think you can achieve this with access context
For example, keep the access context to sales for SO with restricted and choose the sales organization only which this user/business role can access
the logic is same however the access context might differ based on the business document
Regards
Leo