[Resolved] Implementing User-Specific Data Access

[Author]

Posts

[matthiasK-4]

I have developed a WordPress-based website using Toolset, enabling our customers to view and manage their data seamlessly. The data structure includes the following tables:

- **Customers** (customer information)
- **Contacts**
- **Domains**
- **Autoresponders**
- etc.

### Data Relationships
- Each customer can have multiple associated contacts.
- Each customer can own multiple domains.
- Each customer can manage several autoresponders.
- etc.

### Access Requirements
Each customer should be able to see, edit, and delete only their own data. To test this setup, I created a user with the role of “author” for a sample customer and linked all relevant posts to this user. In Toolset I restricted the access to admins and the related author. However, manually assigning roles or authors for every new data entry is not scalable.

### Optimized Access Solution
Given that each user corresponds to a single customer and all his data is associated with this customer, an efficient method for data access control is required. This will ensure that users are automatically granted permissions relevant to their associated customer data.

### Example Scenario
**Customer: Amargo** (with associated users A and B)
- **Related Contacts**: Contact 1, Contact 2, Contact 3
- **Related Domains**: Domain 1, Domain 2
- **Related Autoresponders**: Autoresponder 1, Autoresponder 2, Autoresponder 3

**Customer: CustomerName** (with associated user C)
- **Related Contacts**: Contact 8, Contact 9
- **Related Domains**: Domain 3, Domain 5
- **Related Autoresponders**: Autoresponder 7

### User Access Control
- **Users A and B** should have exclusive access to:
- Contacts: Contact 1, Contact 2, Contact 3
- Domains: Domain 1, Domain 2
- Autoresponders: Autoresponder 1, Autoresponder 2, Autoresponder 3

- **User C** should have exclusive access to:
- Contacts: Contact 8, Contact 9
- Domains: Domain 3, Domain 5
- Autoresponder: Autoresponder 7

By implementing a dynamic permission system based on user-customer relationships, we can automate data access controls and improve site management efficiency.

Is there a way to achieve this?

[Minesh]

Hello. Thank you for contacting the Toolset support.

Toolset Access works based on the role. If you want to assign the permission for own content then you should assign the permissions to the designated role.
- https://toolset.com/course-lesson/setting-access-control/

Please check the following link:
- https://toolset.com/lesson-placement/lesson-placements-1622969-1655453/
- https://toolset.com/related-lesson/access-control/

[matthiasK-4]

Hello, thank you for your response.

I need a bit more clarification on how to use roles in this scenario. In the lessons provided, users can edit different items based on their role, but they’re limited to editing only their own content.

I’m looking for a solution where users can also edit content created by other users, provided they are associated with the same company.

For example, in the context of gyms, I’d like multiple users to be able to edit the same gym’s details.

[Minesh]

Have you checked the post groups:
- https://toolset.com/course-lesson/restricting-access-to-pages/#create-a-post-group-for-pages-restricted-to-logged-in-users

For such users you should assign post group permissions:
- https://toolset.com/course-lesson/restricting-access-to-pages/#set-access-permissions-for-the-post-group

[matthiasK-4]

I'll test it as soon as possible and follow up with feedback. Thank you!

[Minesh]

ok fine. Please check it and let me know how it goes.

[matthiasK-4]

Unfortunately, this is not the solution I need. I would have to manually assign each post of every user to a post group. Since there are several thousand entries and new ones are continually added by customers, this is not a viable solution.

I will now resolve it by creating only one user per customer, so the assignment to the customer will always happen automatically through the author.