Bug #22899
openRBAC model allows users to steal shared records from other users.
Description
Have 2 orgs with 1 user each, where each user is an Org admin for his appropriate org and also belongs to it:
user1 => org1
user2 => org2
- now create some record, e.g. OS, belonging to both org1 and org2
- now login as e.g. user1 and edit the created OS in a way that you unassign org2 from it.
- as a result, user2 can no longer access nor manipulate the OS.
- I think a solution to this would be to only display Orgs available to user1 (the ones user1 is a member of). Also, the processing of such PUT requests should be modified, so the organization_ids parameter is not evaluated "absolutely", as it won't contain the 'inaccessible' orgs - backend needs to add the original 'inaccessible' orgs to the list
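The backend-side fix suggested above, as an added illustration that is not Foreman's code: instead of applying the submitted organization_ids parameter as an absolute replacement, the handler keeps every organization the editing user cannot see and lets the user change only the organizations they are a member of. The method name and its three keyword arguments (current, visible and submitted org id lists) are assumptions for this example; dropping submitted ids the user is not a member of is an extra defensive choice, not something the report asks for.

```ruby
# Added example (not Foreman's own code): reconcile a submitted organization_ids
# list with the organizations the editing user cannot see.
#
# Assumed inputs (names are hypothetical):
#   current_org_ids   - organizations the record belongs to before the PUT
#   visible_org_ids   - organizations the editing user is a member of
#   submitted_org_ids - the organization_ids parameter from the PUT body
#
# The form only shows the user the organizations they belong to, so the
# submitted list never mentions the others; treating it as the full new
# membership silently drops every organization the user could not see.
def reconcile_organization_ids(current_org_ids:, visible_org_ids:, submitted_org_ids:)
  current   = current_org_ids.map(&:to_i).uniq
  visible   = visible_org_ids.map(&:to_i).uniq
  submitted = submitted_org_ids.map(&:to_i).uniq

  # Organizations the user cannot see are preserved exactly as they were.
  hidden = current - visible

  # The user may only add or remove organizations they are a member of;
  # any other id in the submitted list is ignored (defensive assumption).
  allowed = submitted & visible

  (hidden + allowed).uniq.sort
end

# Scenario from the report with constructed ids: org1 = 1, org2 = 2.
# The record is shared by both; user1 only sees org1 and submits just [1].
if $PROGRAM_NAME == __FILE__
  naive = [1]                       # absolute assignment: org2 is lost
  fixed = reconcile_organization_ids(current_org_ids: [1, 2],
                                     visible_org_ids: [1],
                                     submitted_org_ids: [1])
  puts "absolute assignment keeps #{naive.inspect}, reconciled keeps #{fixed.inspect}"
end
```

The same method also covers the legitimate edits: user1 removing their own org1 leaves org2 in place, and a user who belongs to several organizations can still add or remove any of those.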
Updated by Marek Hulán about 7 years ago
- Category changed from Users, Roles and Permissions to Organizations and Locations
I think this was resolved, Roman, mind updating the issue?