CRM

Do I need to authorize the customer through the same login form as managers with performers?

Good afternoon! We are engaged with a friend in writing our customer relationship management system (purely to gain experience and skills). Almost from the start, we ran into one moment that caused us a lot of controversy. The position of a friend is such that the client needs to register and log in on an equal basis with other users through a common login/registration form for all. I think that it would be more correct not to register the client at all, but only to generate a unique URL for him, when following which the user will be able to see only the status report on his task and be able to add some comment that will be processed (in the best case) manager for the performer. I would love to get a reasoned answer for any of the cases. A small selection of our cons and counterarguments:
In the case without a single form for executors (administrators/managers) and customers:
- Ability to go to someone else's order by selecting a unique postfix in the URL (use encryption algorithms to generate a postfix).
- The inability to track the history of orders and, accordingly, the time of execution, as well as the pricing policy of the previous order (there is no other counterargument, except "this is a private matter of the company and you can contact the higher management").
- If the user, for some reason, has lost the link to his order, he will not be able to access its status and history (it is solved by calling the support service or the executive manager, which in theory will be safer, because confirmation functions can be implemented personalities: security question, phone number, etc.)
In the case of a single form of authorization:
- Users do not have the opportunity to do something beyond what is defined in the rights of the user group (if the user is in a single system for everyone, nothing prevents him from hacking it "from the inside").
- Ability to hack login form via (broot) bruteforce.