Hi All,
We are developing a SaaS platform which is basically API first Content Publishing platform targeting Developers and Digital agencies. Our platform is developed in such a way that an agency manage multiple sites in a single tenant account. When designing the permissions for Tenant admin to sites, we had a difference in opinion among our team members.
Our Identity Management will look like this
Host Admin --> Tenant Admin --> Site Admin
Host Admin - Highest user (They will manage Tenants) They will not have access to any contents, users or content schemas of tenant but can only manage the tenants on a very higher aspect like billing, payments etc
Tenant Admin - Next Power full user after Host Admin. (Each Tenant can have multiple sites, A site can be of clients or own, Tenant admin will manage all this sites on higher level )
Site Admin - Power full user in a site. Each site have their own Identity management System for managing site users and groups.
Most of our cases, tenant admin will be a developer or digital agencies who develop sites for their clients. So ideally they will be managing Multiple sites. But some time, they can be client itself.
Now Initially We decided to give full access for Tenant Admin to all site, site related contents, users and settings under their tenant account. But this leads to a difference of opinion in our brain storming session.
Suppose Client Site is maintained (Technically maintain and Own) by a development agency, but client don't want to give access to contents, users and Schema to their development agency.
In the above situation we can have two option
Have an option to transfer the site to clients account provided client will have a valid account that allow site transfer.
To have an option for site admin to restrict the access of Tenant admin to certain areas of Site like Contents, Medias, users. In such cases only site settings will be accessible to tenants.
request your valuable suggestions on this.
Top comments (0)