I have a business case where I would like to be able to create a custom user viewer role in AGO that allows the user to only view content that has been shared to a group(s) that the user is a member of. I don't want the use to have access to any content shared across the organization. I only want them to have access to content in specific groups.
This would help protect the security of content shared to the organization in cases where we issue temporary accounts to contractors, consultants or stakeholders with whom we want to provide accounts for specific projects and they do not require access to the entire organization.
Currently there is no way to limit a user from viewing content shared across the organization.