I don’t believe there is anything available to address the data access part. There really isn’t a way to do that without modifying the database to support it. You can use either the “view” solution you came up with before or by introducing extra column(s) and/or tables to handle the relationships between users and data access. Without knowing all of the details, it sounds like you might be able to use roles for grouping company permissions and then assigning roles to users. These roles would be different from the roles for action permissions. To restrict the data a user sees, you could automatically retrieve the users role(s) based on the userid and use that info to modify any queries.