I’m sure this is what was meant, but just to confirm and spell it out, the authorization has to belong to the subscriber account that’s making the request right?
If account A asks to create an authz for example.com, succeeds in validating it, and then account B comes along and wants an authz for example.com too, that should result in a fresh authz regardless of this setting.
This isn’t really a backend question, but maybe a client person can chime in: Do popular clients like certbot report (at least in their verbose/ debug mode) that they were able to proceed without validation (because they got an authz that was already validated) ? I can imagine that when debugging client issues on this site it will be useful to understand if this special case is happening to them or not.