Proper Way to Setup Authentication to Reference Tables

I've enabled authentication for some tables in my application and verified it's working. In my design I have users who belong to companies, and through the extras I am passing the company_id to allow users who belong to the same company to view records together.

One question I have, I have some tables that are simply references to others. For example I have a division table, and under that table are regions with a reference back to companies_id so I can see the different regions within a company. On the divisions table I have companies_id to make sure that users can only see divisions within their own company.

My questions is, do I need to put companies_id on the regions table as well to setup authentication to make sure only users can see other regions in their company, or should I inherit this somehow from divisions where it's already set?