Scenario: We would like to associate each customer company with a tenant in order to bundle users and separate access to data. We would like to define different permissions to protect parts of a web page. We would like to reuse the roles across the different tenants.
Proposed solution:
Tenant 1 used for customer a
Tenant 2 used for customer b
Role A (TenantId NULL), Permission 1 (TenantId NULL)
Role B (TenantId NULL), Permission 2 (TenantId NULL)
Customer a (TenantId 1), role A
Customer b (TenantId 2), role A
When the 'customer a' user logs in, the isGranted(Permission 1) is always false unless a separate role is created with the same TenantId as the customer user (role, user, user account, and permission also need to be associated with the same TenantId).
But this leads to many roles covering the same permission(s), namely that each customer needs to have the same role defined to cover the same permission(s). Is there another way around this? Maybe an isGranted method that does not take tenantId into account, but just checks that a user is associated with a role with a permission, not using the tenantId filter?
I hope it makes sense :)
Cheers Kim