I think: yes. As I understand from your description, X is the big boss and both Y and Z are a specialization of X.
To have rights to see Z, make sure your user has a project role that is associated with a module role that has all the necessary read-access defined in the entities of both X and Z.
Additionally to Tim’s answer;
Access rights on the Specialization (Y & Z in your case) are in charge for their respective objects including the inherited attributes & associations.
Access rules specified on the generalization (x) only apply for objects which are 100% X objects, not having a specialization part.
In above examples A user with these access rights will only be able to READ OpenQuestions Description, Answertype & Answer. (RED object/Records)
While the same user can WRITE Questions Description & AnswerType (BLUE object/Record)
More explanantion can be found in this learning path: https://academy.mendix.com/link/module/369/lecture/2989/2.1-Introduction