Users belongs to Org not peer, as per user access he can do all necessary stuff. you can filter data as per access using ABAC, add some specific roles in user certs while registering new user and allow those user to have access specific method in chaincode