Multi-tenant Score design

Info

In this section, “Score” refers to multi-tenant Score instances (i.e., Score 2.5 and later).

  1. Phase 1 of Multi-tenant Score will use the current built-in capability for authentication, and for authorization of Score roles. Accedia will develop further authorization functionality based on a user’s tenancy.

  2. Score 2.5 and later will be released with:

    1. A context category named Tenant

    2. A context scheme named Tenant (based on the context category Tenant)

  3. No user (not even Dev/Admin) may delete or rename the Tenant context scheme. (Accedia will need to implement restrictions.)

  4. No user (not even Dev/Admin) may delete or rename the Tenant context category. (Accedia will need to implement restrictions.)

  5. Only Dev/Admin may manage values in the Tenant category scheme. (Accedia will need to implement restrictions.)

  6. Dev/Admin may manage all business contexts, whether or not the user is associated with any tenant. (This is supported today, but Accedia will need to ensure that other restrictions it implements do not inadvertently restrict this.)

  7. Only Dev/Admin may add or delete a Tenant context scheme value to a BC that has BIEs associated with it. (Accedia will need to implement restrictions.)

    1. Why? This should prevent two undesirable situations (just FYI):

      1. a user assigning a Tenant context scheme value to a BC that does not have one assigned, thereby restricting access to that BIE

      2. a user assigning another Tenant context scheme value to a BC that already has a Tenant context scheme value associated with it, thus potentially unintentionally enabling access to many users

  8. When creating a BC, users may only use Tenant context scheme values matching the user's tenancy. (Accedia will need to implement restrictions.)

  9. Only a user with the appropriate tenancy may manage a business context containing a Tenant context scheme value. (Accedia will need to implement restrictions.)

  10. Users may be associated with zero or more tenants where the possible tenants are those specified as valid values for the Tenant category context scheme. (Accedia will need to develop new functionality, including database changes/additions that store data about the associations.)

  11. A user may only access BIEs:

    1. associated with at least one business context that has at least one Tenant context scheme value matching the user’s tenancy.

    2. associated with business contexts that do not include a Tenant context scheme value.

    (Accedia will need to implement restrictions.)

Another way to think about #11 is that if any context associated with a BIE has a Tenant context scheme value, then access to that BIE is determined by the user’s tenancy (except for Dev/Admin). Otherwise anyone can access the BIE.
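
The rule in #11, as an added sketch that is not Score or Accedia code. The class names, the is_dev_admin flag, and the sample tenants and BIEs are assumptions made for illustration. It covers the mixed case where a BIE has one business context with a Tenant value and one without.

```python
from dataclasses import dataclass

TENANT_SCHEME = "Tenant"  # the built-in context scheme named in item 2

@dataclass(frozen=True)
class BusinessContext:
    name: str
    values: frozenset = frozenset()  # (scheme name, value) pairs; assumed model

    def tenant_values(self):
        return {v for scheme, v in self.values if scheme == TENANT_SCHEME}

@dataclass(frozen=True)
class Bie:
    name: str
    contexts: tuple = ()  # business contexts associated with the BIE

@dataclass(frozen=True)
class User:
    name: str
    tenants: frozenset = frozenset()  # zero or more tenants (item 10)
    is_dev_admin: bool = False

def can_access_bie(user, bie):
    """Item 11: tenancy decides as soon as any associated BC carries a Tenant value."""
    restricting = set()
    for bc in bie.contexts:
        restricting |= bc.tenant_values()
    if not restricting:          # no Tenant value anywhere: anyone may access
        return True
    if user.is_dev_admin:        # Dev/Admin is exempt from the tenancy check
        return True
    return bool(user.tenants & restricting)

def visible_bies(user, bies):
    """Names of the BIEs to show in this user's BIE list."""
    return [b.name for b in bies if can_access_bie(user, b)]

# Constructed sample data (tenant names and BIEs are made up for illustration)
OPEN = BusinessContext("Generic EU", frozenset({("Region", "EU")}))
ACME = BusinessContext("Acme", frozenset({("Tenant", "acme")}))
GLOBEX = BusinessContext("Globex US", frozenset({("Tenant", "globex"), ("Region", "US")}))
BIES = [Bie("PublicInvoice", (OPEN,)), Bie("AcmeOrder", (ACME,)),
        Bie("SharedShipment", (ACME, GLOBEX)), Bie("MixedQuote", (OPEN, GLOBEX))]

if __name__ == "__main__":
    for u in (User("alice", frozenset({"acme"})), User("bob"), User("root", is_dev_admin=True)):
        print(u.name, visible_bies(u, BIES))
```

MixedQuote is hidden from a user in tenant acme even though one of its business contexts has no Tenant value, because the other context's Tenant value makes tenancy the deciding factor.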

[Figure: Logical process for determining what BIEs to show in a BIE list]