Camunda 8 self-managed multitenancy tenant separation

Hi,

I am trying to configure a use case for a customer, where a user has different roles in different tenants. E.g. in Tenant 1 the user can use operate and optimize, but for tenant 2 the user can only use operate, so processes from tenant 2 should not appear in optimize for the user.

I configured two groups, which I both assigned to the user:

  1. Group a: tenant 1, roles: operate read, optimize read
  2. Group b: tenant 2, roles: operate read

It seems like tenants and roles are merged together since the user can see processes of both tenants in operate as well as in optimize.

Am I missing something or is this not possible?

Hi @micudaj - only the data is separated by tenant, not the apps. You grant someone permissions within an app, like Optimize, organization/cluster wide; and then also grant access to the data within a tenant.

If a user is a member of operate read, they have read-only access to Operate with access to the data from Tenant 1 and 2. If a user is a member of optimize read, they have read-only access to Optimize with access to the data from Tenant 1. If a user is a member of both, that is combined and the user has read-only access to both Operate and Optimize, with access to data in each from Tenants 1 and 2.

Hope that helps!
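The merging described in this answer can be checked against what an administrator intended with a small model. This is an added example, not part of the original posts and not Camunda code; the group names, role strings and function names are hypothetical, and the model reflects only the behaviour stated in this thread (app roles merged cluster-wide, tenant access merged separately).

```python
from itertools import product

# Constructed sample data mirroring the two groups in the question.
GROUPS = {
    "group-a": {"tenants": {"tenant-1"}, "roles": {"operate:read", "optimize:read"}},
    "group-b": {"tenants": {"tenant-2"}, "roles": {"operate:read"}},
}


def intended_access(groups, memberships):
    """(role, tenant) pairs the administrator meant: each group's roles
    scoped only to that group's own tenants."""
    pairs = set()
    for name in memberships:
        g = groups[name]
        pairs |= set(product(g["roles"], g["tenants"]))
    return pairs


def effective_access(groups, memberships):
    """(role, tenant) pairs under the behaviour described in the thread:
    roles are merged, tenants are merged, and every role applies to
    every tenant the user can reach."""
    roles, tenants = set(), set()
    for name in memberships:
        roles |= groups[name]["roles"]
        tenants |= groups[name]["tenants"]
    return set(product(roles, tenants))


def unintended_access(groups, memberships):
    """Pairs granted by the merge that no single group asked for."""
    extra = effective_access(groups, memberships) - intended_access(groups, memberships)
    return sorted(extra)


if __name__ == "__main__":
    for role, tenant in unintended_access(GROUPS, ["group-a", "group-b"]):
        print(f"unintended: {role} on {tenant}")
```

Running the same comparison over real group assignments before rollout shows which app and tenant combinations a user gains only through the merge.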

Hi @nathan.loding. Thank you for your clarification! That cleared it up.
