To make sure the company users are not visible to each other, you can use access rules on the user entity.
Passing the company object needs to be done before showing the edit page of the user. Retrieve the company from the current user and create a user object with this company.
The flow will look something like this:
With this XPath for the retrieve:
Optionally, you can set the editability to never on the page.
Hope this is the answer you were looking for.
You can implement a constraint directly within the entity, limiting access to specific companies based on current user affiliation.
So, you need to follow two steps:
1. Configure Xpath constraint in the entity:
2. Enable “Apply entity access” in Properties > General > Security: