We are using private categories for restricting access to different groups of users, so essentially keeping those users separate as they belong to different organisations and will not want to see what each other are posting.
The settings for restricting visibility of the groups is working well. Even with group directory enabled, users can only see the groups that they are a member of so we can ensure there is no visibility of groups between organisations.
However, users themselves remain visible and there seems no way to switch it off. It is possible to disable the user directory, but there seems to be no way off disabling user search across the whole site in the search box:
Our users will not be at all happy about being in any way visible to users in other organisations. Whilst we can disable their real names from appearing, many of our usernames are well structured and derived from email addresses (and we use SSO so they can’t change them). So it causes a privacy issue.
What we really could do with is a way of either a) disabling user search altogether or b) restricting visibility of a member to only users within groups of of which the user is a member. Is either of these hackable?
If you want total separation between different user bases, running multiple Discourse instances might be easier and safer. (With Multisite, this requires almost no additional resources.) Otherwise, while you might be able to build a plugin that closes some loopholes like search, there’s a significant risk that you’ll overlook some vector.
Thanks Felix - really appreciate your reply. I was this morning wondering if I needed multiple instances, I didn’t know about Multisite thought. I’ll look into it! Thanks again…
The most important thing to understand while you consider your options is this: Except for resource usage, using multisite is like using completely separate Discourse instances. No data is shared. From the outside, the setup will be (almost) indistinguishable from you just having one server per Discourse installation, each simply set up according to the normal install guide.
The only – but very important – advantage of multisite is resource usage: For the system requirements, you can consider all instances as if they were one large instance, which heavily reduces RAM requirements
