I have a Moodle 2.6 site we're using in my company with a hundred or so courses and maybe a dozen categories. Users (employees) authenticate via LDAP and single sign-on (NTLM SSO) against our Active Directory server. There are currently about a thousand users. Once logged in, they're free to self-enroll in any course they like.
Now I'm trying to grant access to the site to a few non-employees (contractors). They will log in manually (they're not defined in our Active Directory system-I will configure logins for them). But I want to restrict their access to only one or two courses (or maybe only the courses in a single category). I want to prevent them from enrolling in any of the other courses on the site. (It would be even better if I could prevent them from even seeing those other course titles.)
I can't use enrollment keys because it imposes unfair friction to employees, who comprise the vast majority of users.
The conditional user fields feature looked promising, but it's too low-level (activity/resource/section). The I'd like to restrict access at the course/category level.
I'd like to avoid using anonymous "guest" access, because I'd like to offer forums/quizzes etc. to the contractors for the courses to which they have access.
Any ideas on the best way to configure contractor access to my site?