Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
Design under discussion here: https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=68715910
The requirements below are seed requirements and final design guidance should defer to the evolving wiki page discussion referenced above.
Overview
The goal of this system is to create a hierarchical tenancy system which is very simple to understand and administer and is highly expandable so that large organizations with many subsidiaries have the flexibility to create child-tenants to their liking.
General Seed Requirements
1. Provide a structure to create a hierarchy of Tenants where each Tenant has a single parent-Tenant and can have multiple child-Tenants
2. Provide the ability to group multiple Delivery Services, Users, and child- Tenants under each Tenant
3. Provide the ability to create at least 10 child-Tenant layers within the system
4. Make it easy to assign a User to a single Tenant so that they inherit their permissions to all child-Tenants and Delivery Services.
5. Adding child-Tenants or Delivery Services anywhere in an existing tenant hierarchy does not require re-assigning users. Users inherit pre-defined permissions to new tenants and services added below their assigned layer in the tenancy tree.
6. Allow Users to be assigned multiple Tenants, each with different Roles. While a user would inherit their access to all services and child Tenants below them, they may need more restrictive access further up the Tenant hierarchy or they may want different access to another branch of the tenant tree.
