We are a mulit tenant site. Some of our tenants have different requirements including which access types apply to their tenancy. There are some access types that do not apply to all tenants. An example is tenant group access types may only apply to a certain tenant or the service provider tenant..
We have concerns with the viewing of all access types on contact record dropdowns especially for our tenant specific analysts that would only ever require the ability to create and edit customer contacts. Because these analysts need to be able to create and edit contact records they get the full drop down list of access types when creating new contacts. This means we cannot use roles with tenant group or single tenant on access types because a naming convention is required. Using access type naming convention has the potential to identify our tenant names to any tenant that has an analyst. Security does not allow these tenant analysts to select the access type. Our single tenant analysts comment on why they are not just provided the list they have edit rights to select.
To be able to utilize tenant groups or single tenant roles as part of access types we need to be able to choose which tenants can see all (public) access types and which ones need to be restricted to a specific tenant .
What I am suggesting is:
- The edit function for analysts with limited security rights should only provide access types in the dropdown that the logged in analyst role has permissions to populate, not the complete list of active access types.
2. A way to have access types that are tenanted. As soon as you add a role that has a named tenant or tenant group it becomes difficult to manage the access type because naming conventions must be used for the access type.