ACL documental database

This is much a conceptual question than other. I'm wondering if there is any best practice and where can I read about it, also don't know how to ask it to google.

I'm working into modeling a mongodb database. Let's say we have a chair collection that must be kept in a separated collection from user's one because a chair can be owned and accessed by multiple users. It raises the problematic of access control list. Normally in other projects I've been used to define permissions on the user collection:

{
  _id: 5ce3f94a6591bd5a3accd22e,
  permissions: [
    {
      collection: 'chairs',
      path: 'serialNumber',
      allowedValues: /^AU-1234-.*/ig,
      roles: ['read']
    }
  ]
}

That way we can grant user access to every chair that its serialNumber starts with 1234.

Right now I'm wondering if it wouldn't be a better approach to define the chair with the allowed users:

{
    _id: ...,
    serialNumber: 'AU-1234-567',
    allowedUsers: [{
      user: 5ce3f94a6591bd5a3accd22e,
      roles: ['read'],
    },
    ... ]
}

This is more a similar approach to unix file systems, where any file has it's owner and group, and each user can belong to multiple groups. Does it make sense in mongodb?

I've seen that i.e. acl module keeps separate collections in order to grant user access to resources, but seems a killer solution and difficult to maintain. Is there any recommendation or just Do as much better as you can.