Not really an answerable question. The best security policy is one which is used. The policy is more apt to be used if it's relatively simple to use.
> more efficient
> better quality?
Ultimately if this case is a one-off then investing the mental energy in designing a scalable rule isn't worth it. But that is a rare scenario, typically this schema of how to provision access will be re-used across other rules. A simple rule which uses custom properties (or more ideally AD groups like @Anil_Babu_Samineni mentions) allows for an easy provisioning of access across multiple users and data connections (e.g. resource.@DataConnectionAccess = user.@DataConnectionAccess ). Are there more efficient ways of doing this? Yes, groups would be more efficient (e.g. resource.@DataConnectionAccess = user.group) but it sounds like that isn't a live option for this organization at the current time.