Reject a save from a webhook

Is it possible to use webhooks to reject an operation, if the external system determines that the edit does not look legit?

Specifically, in my case, its a matter of trying to say “user X1, X2 and X3 can edit contenttype C with value Y in field Z”, which cannot be represented by the current ACL system, so i was hoping to be able to extend the ACL checks, by adding autosave and save webhooks, that would either be able to reject an edit, or possibly just roll it back.

Or said more succintly: Everybody from department A, can edit pages that are related to Department A, but not pages related to Department B.

But I am unsure if the webhook is called in-line in the save process, or as an afterthought after the save has been committed.