My website has multiple companies and each company has multiple users.
Each company has its own (i) company page and (ii) company products.
What is the best structure to limit access to company pages and products to its own users?
Toolset Access gives you the ability to manage restrictions using Post Groups and User Roles. You could create one Post Group per Company and as many different Custom Roles as you need for that company. Then you place the Company post, pages and products into the post group, and you can restrict access based on those roles. Company B's custom roles would have no access to Company A's post or products.
Would this be an efficient way of doing it for 1,000 companies / post groups?
What do you think of using companies as taxonomies and using a conditional field to prevent access to non-company users?
Sorry, I have another question.
How do you assign users to their post groups so they can only see post, pages and products associated with those post groups?
As far as I know, I can only set user roles.
What do you think of using companies as taxonomies and using a conditional field to prevent access to non-company users?
You can't restrict access to entire URLs this way, but you can restrict access to contents inside templates or Views using conditional HTML. The URL will load a Page, but pieces of content will be hidden. With the User role and Post Group approach, you can show a 404 instead.
How do you assign users to their post groups so they can only see post, pages and products associated with those post groups?
Post Groups are managed by User role, not by individual User. So there must be a single role for each combination of permissions, which might not be possible in larger sites.
Would this be an efficient way of doing it for 1,000 companies / post groups?
I think it's going to be difficult to manage 1000 companies / post groups / roles / permission sets in the backend.
In regards to Post Groups, how can we restrict users to access pages from another company when everything is based around roles?
From what I understand, an administrator from Company A can still access pages from Company B.
When managing 1,000 companies in your website, what do you think is an efficient way to do it?
I don't think there is an efficient way to do it that involves post groups or roles. You would have to create roles specific to each company, and it will be difficult to manage. Instead, you could use a custom field on the User profile that holds their company information. Then a custom field in the post or product that holds the company information as well. In the post or product template, you can use conditional HTML to test the current User's company information and compare it to the current post's company information. If it's a match, show the post content. If not, show an error message.
My issue is resolved now. Thank you!
