Account scoping via AccountUsers?

The multi-tenancy documentation says "To scope a resource to a tenant, make sure your model has an account_id:integer column in the database." Is it possible to scope this transitively through an AccountUser? I'm creating a resource that belongs to an AccountUser so it seems redundant to specify both when the Account can be derived from the AccountUser...

I read the AaT README and searched the issues but I couldn't find any mention of whether it was possible or not.

You always need account_id to scope by tenant. If you want something to be associated with an AccountUser, you'd also add account_user_id.

It may seem redundant, but always having account_id on your table is what allows you to enforce row level security. Any models without this are "global" which means anyone can access them.

Having account_id makes it so you can't accidentally transfer the record from one account to another by assigning an AccountUser that was outside the account. Keeps you safe.

Thanks Chris. That makes sense, I was just hoping maybe there was an option I had missed... Something like:

```
belongs_to :donor, class_name: 'AccountUser'
acts_as_tenant :account, through: :donor
```