Can I have dynamic, group-based item-level security on a SharePoint list?

In SharePoint Online lists I know how to have all list items visible to all users with permission on the list. I also know how to have items visible only to the user who created the item, or to users with higher-level privileges. What I need, though, is to have items visible to the person who created the item and site admins, but also other users with site permissions who are in the same Exchange security group as the user who created the item.

I realize there is a long, clumsy process to kind of do this manually… I can go into an individual list item, choose to share it, and then select a group to share with, but this isn’t a satisfactory solution for three reasons:

  1. It’s not practical to manually adjust every list item.
  2. The security group I want to base the sharing on isn’t one that’s published to our address book, so I couldn’t just search for it and select it in the sharing dialog even if I wanted to do it manually (but I would expect to be able to derive it based on the current user’s Exchange profile and parse it since it will always follow the same formula with a prefix and then a variable, like “G_321”).
  3. The Share function overrides the other site security. I don’t want everyone in the Exchange security group to be able to view the list item: only people who have permissions to view the list and are also in the specific Exchange security group.

I know this has been an issue for a long time, but I haven’t seen anything about it recently, so I’m hoping that even though I couldn’t find a way to do it in SP2010 or SP2016 there’s a way through SPOnline or Flow to have more intelligent, dynamic security. Any ideas?