Right now, user permissions for any doc are only checked if the doc has a Link field. However, it would be really useful if they were also checked for Table and MultiSelect fields since these may contain links to other DocTypes.
E.g. a Request for quotation form may have a MultiSelect field called “Assigned to” where 1 or more 3rd parties could be selected. The 3rd party should only be able to view this document if the MultiSelect field contains the value that is allowed for them via user permissions.