Tenants

PolicyServer supports multi-tenant environments whereby you can manage policies for different groups of users, potentially as part of a multi-tenant solution. A Tenant is defined by a unique name which is used to:

  • Filter external users and roles

  • Uniquely manage policies for a specific Tenant including the custom roles, permission assignments, and role assignments

Tenant Hierarchy

Each Tenant can have any number of child tenants allowing you to model not only multi-tenant applications but also complex organizational hierarchies.

../_images/tenanthierarchy.png

Note

Each Tenant name must be unique not only within a Tenant hierarchy, but also across all Tenants and their hierarchies.

Tenant Assignments

Each Tenant in the hierarchy can create its own set of application roles, role assignments and permission assignments. For example:

  • You can create custom Roles for a Policy within a Tenant, in order to group users in a preferred way

  • You can assign Tenant specific users to Roles, including new custom Roles created for the Tenant

  • You can assign application roles to permissions which are specific to the Tenant

../_images/tenant-policy.png