Restrict user to its company's assets and records

I want my resellers to use my Stock, to sell my products, but not allow them to see each others customers or transactions. I already read docs about frappe permission manager, but can’t figure out how to solve mentioned problem.
Can it only be done be customizing python and api logic? Or maybe using client scripts?
Has anybody had same issue?
Any clue would be appreciated.

I use frappe and erpnext v15

If you restrict user permission for the company then apply the User Permission.

I already watched that movie and read all the docs about User Permissions. Unfortunatelly, after restricting users to their companies, they still can see each others records, i.e. Customers. My goal is to let them view only records created by users from one company, not from the other. Also I need them to use stock products created by myself and my employees.
So, I’m asking again: does this kind of logic need to be coded in Python or JS, or maybe it can be applied in backend?

Also possible, you can apply the user permission for the specific company (one company). and if you want, the user can see only his record then apply for the role permission and select the checkbox “Only If Creator”

I am aware of “Only if creator” option, but it doesn’t solve my issue, as there are multiple users inside one compnay, the same as in the other company.

You can set the user company-wise.


User can view the company that you set it in User Permission.

I mentioned that I already did that, but this is not the way to move forward with my issue.
I have a workaround, but tested only for Customers doctype. I created new customer categories, one for each company, then added permissions for these groups to specific company’s users. Now Customers are visible to users only inside a company, that “owns” customer record.
Now, I have to figure out how to apply this to other docs, like Leads etc.

First thing, Lead has a company field so you can manage records user-wise and company-wise. I suggest you to check the permission once again and how it works in the system because if you can easily manage it by coding, I think you are wrong so I am not easy to develop it. And if you want to develop these things you can check the code in the base regarding role/user permission.