Have you tried creating a regular role and then assigning it to the organization? I don't know if it will automatically set the permission properly, but if I understand Liferay correctly, the user who created the file and should be able to set the permissions to it. If they made it so only users with the regular role that's assigned to their organization will be able to see it.
The problem with setting an organization role (at least from my understanding of Liferay, someone please correct me if I've misunderstood Liferay permissions) is that the permission is only applied to one specific organization, and doesn't apply to the other organizations, so they will still be able to see it.