We are using private categories for restricting access to different groups of users, so essentially keeping those users separate as they belong to different organisations and will not want to see what each other are posting.
The settings for restricting visibility of the groups is working well. Even with group directory enabled, users can only see the groups that they are a member of so we can ensure there is no visibility of groups between organisations.
However, users themselves remain visible and there seems no way to switch it off. It is possible to disable the user directory, but there seems to be no way off disabling user search across the whole site in the search box:
Our users will not be at all happy about being in any way visible to users in other organisations. Whilst we can disable their real names from appearing, many of our usernames are well structured and derived from email addresses (and we use SSO so they can’t change them). So it causes a privacy issue.
What we really could do with is a way of either a) disabling user search altogether or b) restricting visibility of a member to only users within groups of of which the user is a member. Is either of these hackable?