Thanks for the response guys.
This might work.....
All data belong to the CompanyUserId, where multi user can login as the the company user id and manage items that belong to companyuserid.
-Once logged in, set session.EffectiveUserId to the logged in UserId.
-After this look up "UserAccess" by EffectiveUserId to see which company the current logged in user can manage.
-Once the user selects a Company, log into using CompanyUserId
-Now in every webscreen and action verify the session.effectiveUserId has permission to perform the required task.