|
|
|
|
|
Multitenancy
The basic idea of Multitenancy functionality is to set user rights not according to user roles but according to object relations. The relations are represented by special HLQ (high-level qualifier) attributes.
In an example scenario, users are to be allowed access only to systems and components belonging to a certain department. Correspondingly, the goal is to authorize according the department affiliation. For example, user A is a developer and should have access to systems assigned to the 'Development' department while user B works in marketing and should have access to systems assigned to the 'Marketing' department. Both user A and user B have the 'Employee' role but they differ in their multitenancy datasets.
Current implementation of Multitenancy can work in two modes:
- Role-based: Multitenancy is applicable either on the same level as other authorization methods
- Above-the-role-based: Multitenancy acts as a layer above other authorization methods.
The mode is switchable on the General tab using the "Use Authorization Processor" check box.