Feature request: Restrict access to messages etc

We had a feature request in the Austrian forum to fine-grain access to messages:

Wir haben Lieferant*innen, die ihre Artikel selbst aktualisieren und Bestellungen selbst anlegen könnten, allerdings möchten wir nicht, dass sie auch Einblick in die gesamte Nachrichtenhistorie der Foodcoop haben (insbesondere wegen Nachrichten, die andere Produzent:innen betreffen).

The same could be useful for wiki, polls, member data etc. but I’m not sure if this would be the right way to do it, since it would be better to only give access to a specific supplier (and create orders for them). But this would be a start and could be easier to implement.

The only real usecase for this that comes to my mind would be when a foodcoop is checked by a finance authority - the person who checks could get an own account with access only to invoices and balancing and should not see messages etc.

sound like a legit use case! A more fine-grained authorization system would be probably useful in many cases!