joas8211/payload-tenancy

Access control questions

hades200082 opened this issue · 1 comment

I have a use case as follows:

I have a single global tenant (let's call this HQ).

I have multiple "Groups" (sub-tenants of HQ).

Each group has one or more territories under them (sub-tenants of the group).

The Groups themselves don't have a website, but each territory does. The groups are here only for access control to their territories.

Some users need to be at the "Group" level to log in to any individual territory within the group, but should not be able to log in to the group itself.

Some users need to be at the group level so that they can create new territories within the group.

Some users are specific to a territory - this already works.

Also, the group does not need any other collections than User and Tenant... Is there a way to hide my resource collections and globals from the "Group" level so that they can only see their child tenants and users?

Any help/guidance would be appreciated here.

Another access control question related to this. Another requirement is for territories to be able to see/access/use media files from the group. Is this possible?