I have a site for a network of 150 law firms, each firm will have several people who can post content to the site. Each of these people should have the ability to edit the content created by any other person in their firm.
I've chosen Simple Access as my permissions module. Without too much in-depth research it appeared to be the simplest permissions module where choosing which users can edit content was a feature.
Everything's installed and working fine (4.7.5 / Simple Access)
My question is about best practice/strategy for defining Drupal Roles and SA's Groups. I want to create as few Roles as possible (for managability's sake - the horizontal layout of all Roles on the Permissions page could get unwieldy)
My biggest fear is that I have to create 150 Drupal Roles, and 150 matching SA Groups.
First off, if I only create 150 S.A. Firms(Groups), the person who creates the node will be able to make their content editable by their Firm(group). That's good. But I can't assign individual users to that group, I can only assign roles, which I can then assign to individual users. So I'm thinking that I have to create 150 roles, and assign each role/firm to its respective group/firm. That way, by assigning a user to a Drupal Role/Firm, they are then assigned to a S.A. Group/Firm.
Example:
User1 is assigned Role Firm1 which is assigned to Group Firm1
User2 is assigned Role Firm1 which is assigned to Group Firm1
User3 is assigned Role Firm2 which is assigned to Group Firm2
If User1 creates a node, and checks 'Editable by Group Firm1', then User1 and User2 will be able to edit the node, and User3 will not.
For View-ability sakes, I would have to create some 'global' groups, like Anonymous Users, Registered Users, Firm Users and assign the Firm Users Role to a All Firm Users Group. Then the author could make their node Viewable to some combination of Anon, Authenticated, or Firm Users....
Does anyone see an easier way to do this? A different module perhaps? (remember, the focus is on allowing Edit-ability of the nodes to a group, restricting View-ability is less of a priority).
I thought about Organic Groups but there was very little, if any, info about sharing Editing rights...
If it were possible to assign Individual Users (rather than roles) to Simple Access Groups, then this would be much easier...
Does anyone have any thoughts? Thanks.