Only access to app from people on a certain domain

Case

I have a number of company internal images that I only want to share with people of the organisation.
The people could have an email address like: me@xyz.com or you@xyz.com

The organisation could have 1000 employees

Any ideas to achieve this by use of public users - if at all possible?

Details

Table with private image

User profiles table

If possible, the role should be set to employee when the domain is xyz.com

When I read about the roles in the documentation it refers to the old pricing concept I believe

If your app is on a Private Plan, you can assign roles to the users in your [User Profiles] table.

I wonder how this works with the new pricing concept?

It could be great if logic applied on user profiles table could open up for rows owned by a certain role - in the example above if you have the xyz.com domain then you get the role employee and then the rows in the table with private images are made available to use.

Ok - as I understand it now:

If you use Role in an app then your signing-in user becomes a private user.

I my example all signed-in users would therefor be private - so it seems as an app with just public users isn’t possible - and therefore the price would be way higher than a pro-app.

It is though still unclear to me whether it is possible to specify a domain as whitelisted users

It is also unclear to me if you can use roles together with public signing-in - seems to be that this is not possible.

I’m not sure it still works with the new plan, but this is the way to whitelist a domain in the old pricing scheme.

For your case though, would it be possible to set a role as the domain (using some backend manipulation to have the domain as a basic column) in both the users sheet and the images sheet? I would assume that would do the trick.