From a security standpoint you need to be able to be logged in as that user or be logged in via your Master Secret which is not something you should make public.
Do you want to add support in your app for a logged in user to say who can modify/read their information? Or do you want to retroactively do that via a script or scheduled code?
about 5 years ago
The idea is that a user can create more users (patients), then the user who created them (patients) can pass these users (patients) to another user, and the latter can edit, then I need to give permissions in the ACL to these users (patients).