Particular case of access control

Good morning,
this is the behaviour that I would like to achieve in our installation of SuiteCRM.

  • We would have 2 types of users: internal users and partner users. At the moment we don’t have anything that identifies the type.
    – internal users are users that can access the account, contacts, contracts etc. modules, and records are assigned to them. They can also create/modify records.
    – partner users can access particular custom modules and they must have particular and limited actions.

  • I would like to create in the Users module a related field to the Account module (is it possible?)

  • Accounts must be assigned to internal users only (there is no possibility to assign them to partner users)

  • In a custom module, there are two fields related to the Accounts module: partner and customer
    – if the internal user operates in this module (i.e. creates a new record, modifies etc.) he can choose and see all accounts.
    – if the partner user operates, he can access the Account module and see only their customers. (their customers = accounts that have the parent_id field filled with the account related to the user)

I will try to explain with a simple example:

U1: internal user
P1: partner user
A1: an account with assigned_user_id = U1
A2: another account with assigned_user_id = U1
C1 & C2: accounts with parent_id = A1
C3: account with parent_id = A2

In the Users module, create a related field to the Account module (i.e. account_partner)
P1: has account_partner = A1

In my custom module I have: partner_account and customer_account: 2 related fields to the Account module

If P1 performs operations on it, I would like the partner_account field to be filled with A1 (the account_partner value for this user) and customer_account to be chosen only amongst C1 & C2 (accounts with parent_id = A1)

How can I configure my users to achieve this behaviour?
Is it possible to achieve this using only security groups and roles?
Can someone help me? Maybe with an example of configuration?

Thank you so much,
B.
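
The rules described in the post above, written as a small Python model that a real configuration can be tested against (an added example, not part of the original post and not SuiteCRM code or configuration). The `is_partner` flag, the function names and the assignee of C1 to C3 are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    id: str
    is_partner: bool                       # assumed flag: the post has no user-type field yet
    account_partner: Optional[str] = None  # related Account id (partner users only)

@dataclass(frozen=True)
class Account:
    id: str
    assigned_user_id: str
    parent_id: Optional[str] = None

def check_assignment(account, users):
    """Accounts may be assigned to internal users only."""
    owner = users.get(account.assigned_user_id)
    if owner is None or owner.is_partner:
        raise PermissionError(f"{account.id}: assignee must be an internal user")

def visible_accounts(user, accounts):
    """Internal users see all accounts; a partner sees only its customers."""
    if not user.is_partner:
        return sorted(a.id for a in accounts)
    if user.account_partner is None:
        return []  # fail closed: a partner with no linked account sees nothing
    return sorted(a.id for a in accounts if a.parent_id == user.account_partner)

def resolve_record(user, partner_account, customer_account, accounts):
    """Return the (partner_account, customer_account) pair to store on save."""
    if user.is_partner:
        # Re-check on save: a filtered picker alone does not stop a crafted request.
        if customer_account not in visible_accounts(user, accounts):
            raise PermissionError(f"{user.id} may not select {customer_account}")
        partner_account = user.account_partner  # forced, submitted value ignored
    return partner_account, customer_account

# Constructed data mirroring the example in the post; the assignee of C1..C3 is assumed.
USERS = {"U1": User("U1", False), "P1": User("P1", True, "A1")}
ACCOUNTS = [
    Account("A1", "U1"), Account("A2", "U1"),
    Account("C1", "U1", "A1"), Account("C2", "U1", "A1"), Account("C3", "U1", "A2"),
]

if __name__ == "__main__":
    for a in ACCOUNTS:
        check_assignment(a, USERS)
    print("P1 sees:", visible_accounts(USERS["P1"], ACCOUNTS))
    print("P1 saves:", resolve_record(USERS["P1"], "A2", "C1", ACCOUNTS))
```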