Hello, thanks for getting back to me. I've attached a diagram to explain our scenario..
So, starting at the top, our set up should look like this..
a manager group which has permissions to see everything but cannot edit any system settings.
a validators group which can see everything but not edit system settings
several specific broker groups. Each of these needs to be able to assign activities / tasks to the validators but should not be able to edit any system settings and should not be able to see other brokers on the system either when you click the arrow button to assign something to a user or you start typing a username in the assignment input box.
What I have tried so far:
a broker group which contains the specific broker groups with a role set on it to restrict users (owner only)
several broker groups in this with their role set to group only
a validator group with no role set
a support group around the validators and the brokers groups with permissions set to all
changed settings (see image)
This was the closest I got. Brokers couldn't view other users and specific brokers could only see their contacts BUT, they couldn't assign validators to tasks (because they couldn't see them), and when adding users to each specific broker group, they could only see contacts which had been assigned to them.