DISCLAIMER: I'm not even "hobbyist" level in this, more of a "n00b". I'll let the more experienced comment further..
Also, I'm more providing what I would do as a solution to the original problem, because I don't think the original solution offered is very secure (which was more aligned with what was asked--"is it secure?"--to which I can only answer "probably not". (Encrypting the same plaintext with different keys may allow analysis to obtain too much insight in to finding an attack vector to decrypt the data).
There are a couple concerns here.. First, the possibility of a key itself becoming compromised; and Second, the possibility of the data it's protecting becoming compromised. The second case, there's little that can be done to protect against, since once the data is compromised, an attacker doesn't even need to decrypt it against another's key--they have already obtained the target goal. So I won't say much more about the second case.
For the first case, a compromised master key would compromise any and all data that it was used to encrypt, not just the one document. So you want to isolate that possibility. What I understand from methods such as PGP/GnuPG, the passphrase is NOT the master key. Rather, a OTP (one time password) is randomly generated for X-number of bits, which is then used to encrypt the data, for only that one document. So even if an attacker can obtain that random key, only the one document and OTP key is compromised, not all documents or keys.
So, in the server, you generate a OTP using a high amount of random entropy to make it very difficult to use crypto-analysis to obtain the random key, since there should be no patterns in the key data. This key is then used to encrypt one specific document. The document can then be stored in the database in an encrypted form using that OTP as the encryption key. Nothing further needs to be done with that.
Of course, you don't want to store the OTP in the database, as that would be futile storing the key with the encrypted data. Instead, you encrypt the OTP with your master key that you never store anyone but your own head. Then you can store the encrypted OTP safely in the database, since the encrypted OTP still needs to be decrypted in order to decrypt the stored document.
Now, let's add in access to the document for other users.. You do the same process for them with their passphrase! Never encrypt YOUR master key with their passphrase, because that would compromise your entire key and anything it was used to encrypt. Instead, use the user's passphrase (password) to encrypt the OTP ONLY, and store that result in the database. So when they want to access the document, they first have to pull the encrypted OTP from the database, use their password to decrypt it so that it can be used to decrypt to target document. Since your master password is never part of that, they will not be able to obtain your master password. They might be able to crack a weak password from one user, but that will only enable them to obtain the decrypted document (the second case I mentioned that is already fruitless should that happen). It won't help them discover other user's passwords, nor help to discover your master key.
Likewise, since the OTP was used only once to encrypt just that specific document, it won't compromise other documents which have a different OTP.
You won't have to store multiple encrypted documents for each user using each user's key, which MIGHT weaken the encrypted document by having multiple encrypted data to analyze; You only need to store the OTP encrypted document once, and then store a "certificate" (the OTP which is encrypted individually with each user's personal password) which is used to decrypt the actual target document.
To make a similar "real life" scenario, consider a bank lock box, but the bank itself keeps the keys to the lock box in a secured storage area, and only a bank guard can retrieve the key. All you need to do is show the guard you are authorized to access the lock box (showing your ID or something), and once they authenticate your access rights, they get the key and give it to you so you can open the lock box with it. But they will never give you the key to the key storage area itself (the "master key"), but rather, they will go get the lock box key on your behalf. It's not an exact parallel scenario, as you can always not return the lock box key, etc. But you never have access to the master key to risk compromising all the lock box keys in storage; Only that specific one.
I hope I'm being clear--AND correct. If not, hopefully the more experienced will refute, edit, and/or correct as necessary.