Hello Aamir,
Sean and Brian have covered the main points.
Multi-Tenancy is not the best fit to this situation.
Almost by definition, an Employee will be a member of a single Tenant.
The higher level Analysts span across multiple Tenants, but the Employees typically won't be doing this.
Also, the key principal of Multi-Tenancy is that one Tenant is locked out of the data for other Tenants. This doesn't sound like what you really want.
You spoke about narrowing down Access Rights by Category.
So carefully setup your Categories, and assign Data Partitions in particular, then Roles and Access Rights to leverage off these. It is also the easiest method to implement from where you are, as Data Partitions can be applied over the top of Categories a lot more easily than moving 10,000 users to different Tenants.
It is also a little unusual to be granting Employees access to Change Orders. (Also to both Requests and Incidents. Organisations usually standardise on one or the other for Employees.) Typically an Employee would create a Call Request/Incident, which would then kick off a Change Order process behind the scenes. If you wish to maintain this Category distinction, then you'll have to extend the logic to Change Orders as well. I would consider if you really need it though at the Employee level.
Finally, you'll need to consider what happens if the ticket is assigned to a Category outside of the ones that the Employee has access to. Do they still get View rights to this, or will they not see it at all?
Thanks, Kyle_R.