Multi tenancy or resource filtering

Please advise about the best approach to design and implement multitenancy.
Of course, the best approach is to have a separate FHIR server for each tenant, but it is not an option.

I need to filter resources based on requester claims.
I will have a wrapper/facade application, so no direct access to the FHIR server.

So my options:

1. Add something like FacilityId into the Resource.Meta.tag tags and use them for filtering.
2. I saw this https://github.com/microsoft/health-architectures/tree/master/FHIR/FHIRProxy
   But it really doesn’t seem like ready for a production solution.

Any notes, advice? Will option 1 work?

There’s a few discussions on chat.fhir.org:

• https://chat.fhir.org/#narrow/stream/179166-implementers/topic/Multi.20tenancy.20in.20FHIR
• https://chat.fhir.org/#narrow/stream/179166-implementers/topic/Multi-Tenant.20FHIR.20Server

One possible approach is to define Tenant as an Organization resource. “id” of each object could be a combination of Organization Id and Resource UUID i.e. fully qualified id.