Rolemo
It sounds like you have a mandatory, n:1 fact type "Employee(.id) has PermissionLevel(.name)" with the value constraint {'Organization', 'Region', 'Country'} on PermissionLevel.
Adding subsetting doesn't help. You need to specify elsewhere what semantics you attach to these levels. Depending on how you are implementing security/authorization, you could do it directly in database metatables (e.g. using grant, revoke etc.) or in an ORM metaschema designed for this purpose (e.g. Role has AccessRight to FactType, etc.).
Cheers
Terry