Reference fields automatically get an IS_IN_DB validator, but you can
explicitly specify your own and pass a DAL Set as the first argument to
filter the auth_user records:
db.define_table('t_customer_contact',
Field('f_customer', db.t_customer, label=T("customer")),
Field('f_contact', db.auth_user, label=T("contact"),
requires=IS_IN_DB(db(query), 'auth_user.id', format=db.auth_user.
_format)),
[etc.]
The db(query) part of that should specify a query to restrict the set to
users with particular memberships. See the book section on database
validators<http://web2py.com/books/default/chapter/29/7#Database-validators>for
more details.
Anthony
