|
|
|
|
|
Current implementation of the Multitenancy can work in two modes/on two levels: The Multitenancy is applicable either on the same level as the other authorization methods or as a layer above them. Sometimes these two modes are referred to as a "Role-based" and "Above-the-role-based" Multitenancy.
The mode is switchable using the "Use Authorization Processor" check box.
If set to false, the Multitenancy is set one level above the other authorization methods (default option).
If selected, the Multitenancy authorization is on the same level as the other authorization methods.
This implementation is necessary because of the role principle and the compatibility with the previous solution. When the Multitenancy is set to be on the same level as the other authorization methods (the Role-based Multitenancy), it can still be bypassed by the other roles (if the user have them assigned). This can result in confusion. To avoid setting the Multitenancy authorization manually into each of the users´ roles (which is also the possible way), there is the option to set the Multitenancy one level "above" the other authorization methods.