I have a PC with Debian 10. I need the USB drives to have broader permissions than those given by default by the system.

I will give an example: with the user "john" being authenticated, when a USB memory is detected, the directory "/media/john/" is created with root as the owner and drwxr-x---+ permissions. User "john" gains access to that directory via ACL: "user:john:r-x".

john@debian:~$ getfacl /media/john/
# file: media/john/
# owner: root
# group: root
user::rwx
user:john:r-x
group::---
mask::r-x
other::---

I need that when the aforementioned directory is created, the same permissions are also given to the group "john", so that another user who has "john" among his groups also has access.

Similarly, when the subdirectory whose name is equivalent to the device label, "/media/john/kingston/", is created, it must also have full permissions for the group. By default it is created with rwxr-xr-x and I require it to be drwxrwxr-x. In other words, a user must be able to access another user's data on the USB stick by allowing mount options that give full access to the primary group of user "john" ("john" in this example).

One of the many things I've tried that didn't work: editing /etc/udisks2/udisks2.conf (also /etc/udisks2/mount_options.conf)

[Storage]
Options=relatime
DefaultMountOptions=rw
DefaultMountOptions=umask=0002
DefaultMountOptions=fmask=0002
DefaultMountOptions=dmask=0002

Other options tested:

vfat_allow=umask0002,dmask=0002,fmask=0002
vfat_allow=dmask=0002,fmask=0002

Finally, I have tried modifying the mounting options from UDEV.

SUBSYSTEM!=="usb", GOTO="udisks_mount_options_end"
KERNEL!=="sd[a-z]*", GOTO="udisks_mount_options_end"
# USB
ENV{ID_FS_USAGE}=="filesystem", \
ENV{UDISKS_FILESYSTEM_SHARED}="1", ENV{UDISKS_MOUNT_OPTIONS_DEFAULTS}="rw,nosuid,nodev,relatime"
# VFAT
ENV{ID_FS_USAGE}=="filesystem", ENV{ID_FS_TYPE}=="vfat", \
ENV{UDISKS_MOUNT_OPTIONS_VFAT_DEFAULTS}="uid=$UID,gid=$GID,shortname=mixed,utf8=0,showexec,flush,umask=0002,dmask=0002,fmask=0002", \
ENV{UDISKS_MOUNT_OPTIONS_VFAT_ALLOW}="uid=$UID,gid=$GID,codepage=437,iocharset=ascii,shortname,showexec,utf8,umask,dmask,fmask"
# GOTO
LABEL="udisks_mount_options_end"

In the log it seems that it works...

E: UDISKS_FILESYSTEM_SHARED=1
E: UDISKS_MOUNT_OPTIONS_DEFAULTS=rw,nosuid,nodev,relatime
E: UDISKS_MOUNT_OPTIONS_VFAT_DEFAULTS=uid=$UID,gid=$GID,shortname=mixed,utf8=0,showexec,flush,umask=0002,dmask=0002,fmask=0002
E: UDISKS_MOUNT_OPTIONS_VFAT_ALLOW=uid=$UID,gid=$GID,codepage=437,iocharset=ascii,shortname,showexec,utf8,umask,dmask,fmask

...but in reality it does not. The group "john" still does not have write permission.

$ ls -l /media/
total 28
lrwxrwxrwx  1 root   root       6 oct  2 20:59 cdrom -> cdrom0
drwxr-xr-x  2 root   root    4096 oct  2 20:06 cdrom0
drwxr-xr-x  2 root   root    4096 oct  2 20:06 cdrom1
drwxr-xr-x  3 john   john   16384 dic 31  1969 KINGSTON

For days I have been finding out and testing solutions that involve udev, polkit or udisks, without success. I really need help!!
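An added diagnostic example, not part of the original post: the udev properties in the log only show what was requested, while the options field of /proc/self/mounts shows what the kernel applied. The script below reads lines in that format and derives the modes from fmask/dmask; both sample lines are constructed (device name and uid/gid values are assumptions), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive the modes a vfat mount grants from a line in
# /proc/self/mounts format. Both sample lines are constructed for illustration.
SAMPLE_DEFAULT='/dev/sdb1 /media/john/KINGSTON vfat rw,nosuid,nodev,relatime,uid=1000,gid=1000,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,showexec,utf8,flush,errors=remount-ro 0 0'
SAMPLE_WANTED='/dev/sdb1 /media/john/KINGSTON vfat rw,nosuid,nodev,relatime,uid=1000,gid=1000,fmask=0002,dmask=0002,codepage=437,iocharset=ascii,shortname=mixed,showexec,utf8,flush,errors=remount-ro 0 0'

# get_opt LINE KEY: print the value of KEY= from the options field (field 4).
# Spaces in mount points are escaped as \040, so field 4 is always the options.
get_opt() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        n = split($4, o, ",")
        for (i = 1; i <= n; i++)
            if (index(o[i], key "=") == 1) {
                print substr(o[i], length(key) + 2)
                exit
            }
    }'
}

# effective_modes LINE: print "dir=NNN file=NNN" (octal), or fail if a mask
# is missing or not octal. The file value is an upper bound: with showexec,
# files that are not .EXE/.COM/.BAT also lose their execute bits.
effective_modes() {
    d=$(get_opt "$1" dmask)
    f=$(get_opt "$1" fmask)
    case "$d" in ''|*[!0-7]*) return 1 ;; esac
    case "$f" in ''|*[!0-7]*) return 1 ;; esac
    printf 'dir=%03o file=%03o\n' $(( 0777 & ~0$d )) $(( 0777 & ~0$f ))
}

# group_writable LINE: succeed only if both directories and files carry the
# group write bit (group digit 2, 3, 6 or 7).
group_writable() {
    modes=$(effective_modes "$1") || return 1
    case "$modes" in
        dir=?[2367]?\ file=?[2367]?) return 0 ;;
        *) return 1 ;;
    esac
}

for line in "$SAMPLE_DEFAULT" "$SAMPLE_WANTED"; do
    if group_writable "$line"; then verdict="group can write"
    else verdict="group cannot write"; fi
    echo "$(effective_modes "$line"): $verdict"
done
```

On a live system, feed it the matching line from /proc/self/mounts for the mount point. The drwxr-xr-x shown for KINGSTON in the listing above is what dmask=0022 produces, not dmask=0002.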