Can there be a permissions-controlled Client/Organization experience per logged in user?

Most end users are Guest users invited from external client companies. They submit tickets that agents work on.

Can we set this up so that Submitters can see all the tickets related to the Client/Organization they belong to, and no others?

(Office365/SharePoint Online version)
The submission form also may have fields that have information linked to that particular organization.
Submitters should not even be able to see a list of other clients, users, or any data that might be linked to them. So that, based on the person's log in ID and what Client/Organization they are associated with, they see only their own company's information.

In looking through some other topics here on "Organization" topics, I was thinking that we could create a separate List with Client/Organization data, including all users associated with that Client and any data needed to populate drop downs specific to them. Then we could add Lookup columns to the ticket.

Where I'm unsure is how to get this truly permissions-controlled so that a logged-in user gets to see more than just their own submitted tickets (they should see ALL tickets for their company), but not anything from any other companies.

We could possibly create one list per company and create a permissions group per client and unique permissions to that list, or keep all the data in one list but set permissions by folders in that list. Not really sure if that would work.

I'm also not sure how the query works to try to pull back all data for that company (not just what the user submitted).


Hello, Stuart.

Unfortunately, the described scenario requires more advanced item-level permission management than SharePoint can provide: item-level permissions has only one conditions - whether an item was created buy a current user. It also could work if there were permission management for list views, but it is as it is.

We are discussing now whether we could widen functionality of our widget to display tickets not only of a current user but also of a current company (checking an accordant property in SharePoint user profiles). I will keep you posted with results I get.

Thank you. Even if you don't have an easy or immediate upgrade to the product to do this, just letting me know how it might be accomplished with a code snippet or configuring list items and permissions a certain way would help.

I am working on a trial of your product right now, but for our purposes, this would be a show stopper, so we couldn't purchase it.

It wouldn't necessarily have to query the User Profile for a specific client property. We could set up Azure AD Security Groups for the clients, or Office365 Groups, or SharePoint Groups, to control client membership. Or reference a separate list.

But we WOULD want to make sure there were actual permissions controls in place, so that a clever individual trying to do a REST query or some other query or URL manipulation could not get to other clients' data.