Improve Implementation of Tenancy across Framework Services #1278
Labels
Cloud Ecosystem
Core Member
enhancement
New feature or request
general
affects multiple services or domains
The OIH Framework supports multi-tenancy setups, where each user in IAM is assigned a tenant and permissions can be designated as tenant or admin level. However, the extension of tenancy to all framework services is inconsistent. It often relies on tenants being manually added in API calls, while assigning user owners automatically.
In lib/iam-utils, the code:
This allows users to view their owned objects and all tenant objects if they are a tenantAdmin. This should be changed to allow that to be modified for users to have specific permissions on all tenant objects
The following table provides an overview of the implementation of tenants at a per-service level:
Proposal
Open Questions
The text was updated successfully, but these errors were encountered: