We would prefer if users from site A would not be able to see users from site B.
How can I restrict access to the users list? Now they can go to People tab and see all users and even their emails.
Both A and B sites are private.
What's even worse, they can see the user's content which is uploaded on the Site on which they are not members. (It's about the content with permission set to GROUP_EVERYONE, but I'd prefer that "Everyone" mean "Everyone on this site".)
I assume that you are granting permission on a specific content to group_everyone manually, because in a private site this group has no permission assigned by default.
For each site there is a series of groups that contain all the users and groups invited to the site. These groups are called site_<short name of the site>_SiteCollaborator, site_<short name of the site>_SiteConsumer, site_<short name of the site>_SiteContributor and site_<short name of the site>_SiteManager.
Granting a specific permission on a content to all of these special groups is equivalent to granting it to "Everyone on this site".
There is one more group for each site, called site_<short name of the site>, that includes the other four, but this group is not available in the permission management action, although you can use it, for example, in a script.
With respect to the People tab, this screen is outside the scope of any site, so it is designed to search people in all of Alfresco. If you want to restrict its results to the sites in which the logged-in user is included, you have to implement a customization, making a custom service and calling it from a customized version of the page.
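As an added example (not part of the original post), the script use of the per-site umbrella group mentioned above could look like this: every locally set GROUP_EVERYONE grant on a node is moved to the site's group. The function names and the stand-in node are hypothetical; `GROUP_` is the prefix Alfresco puts on group authority names, and the short-name check is an assumption.

```javascript
// Added example. Targets the Alfresco repository JavaScript API (ScriptNode);
// function names and the fake node below are hypothetical.
var EVERYONE = "GROUP_EVERYONE";

// Authority of the umbrella group that contains all four role groups of a site.
function siteGroupAuthority(siteShortName) {
  // Assumption: short names are limited to letters, digits, "-" and "_".
  if (!/^[A-Za-z0-9_-]+$/.test(siteShortName)) {
    throw new Error("unexpected site short name: " + siteShortName);
  }
  return "GROUP_site_" + siteShortName;
}

// Move every locally set grant for GROUP_EVERYONE on `node` to the site's
// umbrella group, keeping the role. Returns the roles that were moved.
function restrictEveryoneToSite(node, siteShortName) {
  var siteGroup = siteGroupAuthority(siteShortName);
  var moved = [];
  // Entries look like "ALLOWED;GROUP_EVERYONE;Consumer".
  var entries = node.getDirectPermissions();
  for (var i = 0; i < entries.length; i++) {
    var parts = String(entries[i]).split(";");
    if (parts[0] === "ALLOWED" && parts[1] === EVERYONE) {
      node.setPermission(parts[2], siteGroup);   // grant to site members first
      node.removePermission(parts[2], EVERYONE); // then drop the global grant
      moved.push(parts[2]);
    }
  }
  return moved;
}

// Constructed stand-in for a ScriptNode so the logic can run outside Alfresco.
function fakeNode(initialEntries) {
  var acl = initialEntries.slice();
  function entry(role, authority) { return "ALLOWED;" + authority + ";" + role; }
  return {
    getDirectPermissions: function () { return acl.slice(); },
    setPermission: function (role, authority) {
      if (acl.indexOf(entry(role, authority)) < 0) acl.push(entry(role, authority));
    },
    removePermission: function (role, authority) {
      acl = acl.filter(function (e) { return e !== entry(role, authority); });
    }
  };
}
```

Inside Alfresco the function would be called with a real node, for example `restrictEveryoneToSite(document, "<short name of the site>")`; inherited entries are not touched because only direct permissions are read.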
Users / person objects in Alfresco are nodes just like any content / folder. They can have permissions applied, to restrict who can view that person's details. In a few (1-2) projects I have actually implemented a behaviour which disabled permission inheritance on person nodes and set specific permissions, as well as used that behaviour to automatically add / remove permissions when a user / group was added to / removed from a site role, in order to ensure all members of a site could see the other members of the site, but users would not be publicly accessible unless one was in at least one common site. It works in principle, but there are a couple of trip wires in Alfresco: not all core functionality and 3rd party addons have been developed in a way that is compatible with such a customisation, i.e. they typically assume person nodes are always accessible and likely will break if custom permissions change that. So you'd have to be prepared to fix issues in Alfresco core and 3rd party addons if you decide to go this route.
I am only afraid of the GDPR (General Data Protection Regulation) rules about privacy. People who are assigned to different sites may not be connected to each other, and it might be against the law if they can acquire information about each other's first name, surname and email.
Can I clarify what it is you want just so that I understand your GDPR requirement?
1) Each private site member to remain invisible to members of other sites, unless they share membership of a private site or belong to a public site.
This to include all PI data and all documents that they author.
2) People search - to only return users who belong to the same private sites that the person searching belongs to and users that belong to a public site.
3) Solr search to behave similarly to people search - only return results from public and shared private sites.
4) Site administrators and users to be able to turn off display of PI data on a case by case basis.
Does that cover what you are looking for?
Regarding GDPR - from my (limited) understanding, GDPR does not cover the sharing of such information as email names, etc, within a company setting.
As for restricting access to user's documents on a private site, here's what I've found when testing the latest Community release (6.2.0 GA) without any modification of standard settings.
Administrator set up 3 user groups (Test Group 1, 2 & 3).
Administrator set up two private sites (Test Site 1 & 2) and one public site (Test Site 3).
Each site was associated with a user group - Test Group 1 was associated with Test Site 1, etc.
Administrator created 6 users (Test1, Test1b, Test 2, Test2b, etc.), uploaded avatars for two users.
Users were added to the test user groups (Test1 & Test1b were added to Test Group1, etc.) & were added to a site (Test1 & Test1b were added to Test Site 1, etc.).
So each site had two users, one as consumer and one as collaborator.
Each user completed their profile information. Four added their own avatars.
Can see all people, sites, documents, etc. As expected.
Documents & Sites: user can only see content from private sites they are subscribed to. This includes Solr search.
So, user Test1 can see documents in Test Site 1, including documents belonging to user Test1b, as they are both members of Test Site 1. The user cannot see or find documents in Test Site 2, or members of Test Site 2.
However, users can see content from public sites for which they are not members (as expected).
People search: user can search all users, regardless of site membership. They can view all profile information, including email, company details, avatar, etc. regardless of site membership.
Documents - it is possible to restrict access rights to other users' content & site membership if the sites and user groups are set up accordingly.
People Search - confirm that information such as name, email, company details, is available from all repository users.
As for GDPR compliance (& I'm no expert) I think it depends on the context? If ACS is being used for internal or intra company application, I'm not sure GDPR is an issue. If it's a public-facing site, then that's a different matter altogether.