There are some module packages out there that would probably help you here. Keeping the logic seperate. We use Cartalyst packages that have a great set up and worth looking at. I've seen on packigist there is at least one.

They might help.

It also depends on your SaaS set up. I presume you aren't having a seperate install per user?

Lastly, can you not just use permissions to help with this?

I've seen some module packages available, but I can't identify with any of them. I also want to avoid having all services in one app, with permission conditions everywhere.

I am using a shared db, shared schema approach, but I'd like to keep services separate because they won't all necessarily use the same data, although the data is to be available across services, especially user authentication.

I tried to draw a diagram: http://i.imgur.com/WWSz2tU.png

I'm not sure that is clear enough, but it should reflect what I envision.