diff --git a/invoice/gql/bill_event/query.py b/invoice/gql/bill_event/query.py
index 1d75e0b4..475a17f2 100644
--- a/invoice/gql/bill_event/query.py
+++ b/invoice/gql/bill_event/query.py
@@ -6,7 +6,7 @@
 from core.utils import append_validity_filter
 from invoice.apps import InvoiceConfig
 from invoice.gql.gql_types.bill_types import BillEventGQLType
-from invoice.models import BillEvent
+from invoice.models import BillEvent, Bill
 import graphene_django_optimizer as gql_optimizer
 
 
@@ -21,6 +21,7 @@ class BillEventQueryMixin:
     )
 
     def resolve_bill_event(self, info, **kwargs):
+        BillEventQueryMixin._check_permissions(info.context.user)
         filters = []
         filters += append_validity_filter(**kwargs)
 
@@ -28,8 +29,13 @@ def resolve_bill_event(self, info, **kwargs):
         if client_mutation_id:
             filters.append(Q(mutations__mutation__client_mutation_id=client_mutation_id))
 
-        BillEventQueryMixin._check_permissions(info.context.user)
-        return gql_optimizer.query(BillEvent.objects.filter(*filters).all(), info)
+        bill_event_qs = BillEvent.objects.filter(*filters)
+
+        if InvoiceConfig.bill_user_filter:
+            bill_qs = InvoiceConfig.bill_user_filter(Bill.objects.all(), info.context.user)
+            bill_event_qs = bill_event_qs.filter(bill__in=bill_qs)
+
+        return gql_optimizer.query(bill_event_qs, info)
 
     @staticmethod
     def _check_permissions(user):
diff --git a/invoice/gql/bill_item/query.py b/invoice/gql/bill_item/query.py
index 7546ffd1..4f448354 100644
--- a/invoice/gql/bill_item/query.py
+++ b/invoice/gql/bill_item/query.py
@@ -6,7 +6,7 @@
 from core.utils import append_validity_filter
 from invoice.apps import InvoiceConfig
 from invoice.gql.gql_types.bill_types import BillItemGQLType
-from invoice.models import BillItem
+from invoice.models import BillItem, Bill
 import graphene_django_optimizer as gql_optimizer
 
 
@@ -21,6 +21,7 @@ class BillItemQueryMixin:
     )
 
     def resolve_bill_item(self, info, **kwargs):
+        BillItemQueryMixin._check_permissions(info.context.user)
         filters = []
         filters += append_validity_filter(**kwargs)
 
@@ -32,8 +33,13 @@ def resolve_bill_item(self, info, **kwargs):
         if line_type:
             filters.append(Q(line_type__model=line_type))
 
-        BillItemQueryMixin._check_permissions(info.context.user)
-        return gql_optimizer.query(BillItem.objects.filter(*filters).all(), info)
+        bill_li_qs = BillItem.objects.filter(*filters)
+
+        if InvoiceConfig.bill_user_filter:
+            bill_qs = InvoiceConfig.bill_user_filter(Bill.objects.all(), info.context.user)
+            bill_li_qs = bill_li_qs.filter(bill__in=bill_qs)
+
+        return gql_optimizer.query(bill_li_qs, info)
 
     @staticmethod
     def _check_permissions(user):
diff --git a/invoice/gql/bill_payment/query.py b/invoice/gql/bill_payment/query.py
index 6ae42ea8..f73c032b 100644
--- a/invoice/gql/bill_payment/query.py
+++ b/invoice/gql/bill_payment/query.py
@@ -6,7 +6,7 @@
 from core.utils import append_validity_filter
 from invoice.apps import InvoiceConfig
 from invoice.gql.gql_types.bill_types import BillPaymentGQLType
-from invoice.models import BillPayment
+from invoice.models import BillPayment, Bill
 import graphene_django_optimizer as gql_optimizer
 
 
@@ -28,12 +28,16 @@ def resolve_bill_payment(self, info, **kwargs):
         if client_mutation_id:
             filters.append(Q(mutations__mutation__client_mutation_id=client_mutation_id))
 
-        BillPaymentQueryMixin._check_permissions(info.context.user)
-        return gql_optimizer.query(BillPayment.objects.filter(*filters).all(), info)
+        bill_payment_qs = BillPayment.objects.filter(*filters)
+
+        if InvoiceConfig.bill_user_filter:
+            bill_qs = InvoiceConfig.bill_user_filter(Bill.objects.all(), info.context.user)
+            bill_payment_qs = bill_payment_qs.filter(bill__in=bill_qs)
+
+        return gql_optimizer.query(bill_payment_qs, info)
 
     @staticmethod
     def _check_permissions(user):
         if type(user) is AnonymousUser or not user.id or not user.has_perms(
                 InvoiceConfig.gql_bill_payment_search_perms):
             raise PermissionError("Unauthorized")
-
diff --git a/invoice/gql/invoice_event/query.py b/invoice/gql/invoice_event/query.py
index dcf6b463..77446d5a 100644
--- a/invoice/gql/invoice_event/query.py
+++ b/invoice/gql/invoice_event/query.py
@@ -6,7 +6,7 @@
 from core.utils import append_validity_filter
 from invoice.apps import InvoiceConfig
 from invoice.gql.gql_types.invoice_types import InvoiceEventGQLType
-from invoice.models import InvoiceEvent
+from invoice.models import InvoiceEvent, Invoice
 import graphene_django_optimizer as gql_optimizer
 
 
@@ -21,6 +21,7 @@ class InvoiceEventQueryMixin:
     )
 
     def resolve_invoice_event(self, info, **kwargs):
+        InvoiceEventQueryMixin._check_permissions(info.context.user)
         filters = []
         filters += append_validity_filter(**kwargs)
 
@@ -28,13 +29,16 @@ def resolve_invoice_event(self, info, **kwargs):
         if client_mutation_id:
             filters.append(Q(mutations__mutation__client_mutation_id=client_mutation_id))
 
-        InvoiceEventQueryMixin._check_permissions(info.context.user)
-        return gql_optimizer.query(InvoiceEvent.objects.filter(*filters).all(), info)
+        invoice_event_qs = InvoiceEvent.objects.filter(*filters)
+
+        if InvoiceConfig.invoice_user_filter:
+            invoice_qs = InvoiceConfig.invoice_user_filter(Invoice.objects.all(), info.context.user)
+            invoice_event_qs = invoice_event_qs.filter(invoice__in=invoice_qs)
+
+        return gql_optimizer.query(invoice_event_qs, info)
 
     @staticmethod
     def _check_permissions(user):
         if type(user) is AnonymousUser or not user.id or not user.has_perms(
                 InvoiceConfig.gql_invoice_event_search_perms):
             raise PermissionError("Unauthorized")
-
-
diff --git a/invoice/gql/invoice_line_item/query.py b/invoice/gql/invoice_line_item/query.py
index 1b3d7eee..66dc7281 100644
--- a/invoice/gql/invoice_line_item/query.py
+++ b/invoice/gql/invoice_line_item/query.py
@@ -6,7 +6,7 @@
 from core.utils import append_validity_filter
 from invoice.apps import InvoiceConfig
 from invoice.gql.gql_types.invoice_types import InvoiceLineItemGQLType
-from invoice.models import InvoiceLineItem
+from invoice.models import InvoiceLineItem, Invoice
 import graphene_django_optimizer as gql_optimizer
 
 
@@ -21,6 +21,7 @@ class InvoiceLineItemQueryMixin:
     )
 
     def resolve_invoice_line_item(self, info, **kwargs):
+        InvoiceLineItemQueryMixin._check_invoice_permissions(info.context.user)
         filters = []
         filters += append_validity_filter(**kwargs)
 
@@ -32,8 +33,13 @@ def resolve_invoice_line_item(self, info, **kwargs):
         if line_type:
             filters.append(Q(line_type__model=line_type))
 
-        InvoiceLineItemQueryMixin._check_invoice_permissions(info.context.user)
-        return gql_optimizer.query(InvoiceLineItem.objects.filter(*filters).all(), info)
+        invoice_li_qs = InvoiceLineItem.objects.filter(*filters)
+
+        if InvoiceConfig.invoice_user_filter:
+            invoice_qs = InvoiceConfig.invoice_user_filter(Invoice.objects.all(), info.context.user)
+            invoice_li_qs = invoice_li_qs.filter(invoice__in=invoice_qs)
+
+        return gql_optimizer.query(invoice_li_qs, info)
 
     @staticmethod
     def _check_invoice_permissions(user):
diff --git a/invoice/gql/invoice_payment/query.py b/invoice/gql/invoice_payment/query.py
index 46c306c4..c7990bce 100644
--- a/invoice/gql/invoice_payment/query.py
+++ b/invoice/gql/invoice_payment/query.py
@@ -6,7 +6,7 @@
 from core.utils import append_validity_filter
 from invoice.apps import InvoiceConfig
 from invoice.gql.gql_types.invoice_types import InvoicePaymentGQLType
-from invoice.models import InvoicePayment
+from invoice.models import InvoicePayment, Invoice
 import graphene_django_optimizer as gql_optimizer
 
 
@@ -21,6 +21,7 @@ class InvoicePaymentQueryMixin:
     )
 
     def resolve_invoice_payment(self, info, **kwargs):
+        InvoicePaymentQueryMixin._check_permissions(info.context.user)
         filters = []
         filters += append_validity_filter(**kwargs)
 
@@ -28,13 +29,16 @@ def resolve_invoice_payment(self, info, **kwargs):
         if client_mutation_id:
             filters.append(Q(mutations__mutation__client_mutation_id=client_mutation_id))
 
-        InvoicePaymentQueryMixin._check_permissions(info.context.user)
-        return gql_optimizer.query(InvoicePayment.objects.filter(*filters).all(), info)
+        invoice_payment_qs = InvoicePayment.objects.filter(*filters)
+
+        if InvoiceConfig.invoice_user_filter:
+            invoice_qs = InvoiceConfig.invoice_user_filter(Invoice.objects.all(), info.context.user)
+            invoice_payment_qs = invoice_payment_qs.filter(invoice__in=invoice_qs)
+
+        return gql_optimizer.query(invoice_payment_qs, info)
 
     @staticmethod
     def _check_permissions(user):
         if type(user) is AnonymousUser or not user.id or not user.has_perms(
                 InvoiceConfig.gql_invoice_payment_search_perms):
             raise PermissionError("Unauthorized")
-
-