Hello,
I am currently discovering the possibilities of multi tenant feature of camunda and I have come to few questions about it. I would like to use more tenants per single process engine multitenancy.
The question is can I restrict a tenant admin to only be able to grant some authorizations? Eg. If an user has an authorization authorization he can grant himself a tenant and tenant membership authorizations as well and become all tenant admin. This is something what I want to restrict. Is it possible to do this via a resource id like “DENY tenantMembership” or something?
Similar problem comes with user administration I would like to set tenant admin to be able to administer only the users which belong to his tenant. But I don’t want the tenant admin to be able to do anything about users of other tenants.
Is something like this possible? Or should I rather use the one process engine per tenant approach?
Thank you
Adam