TenantAdmin Access Control

TenantAdmins have a scoped view of the platform, limited to their assigned tenant's resources. This page describes what TenantAdmins can and cannot see compared to SuperAdmins, and how the UI enforces these restrictions.

Role Comparison

| Capability | SuperAdmin | TenantAdmin |
| --- | --- | --- |
| View all tenants | Yes | No |
| Switch tenant context | Yes (dropdown) | No (locked to own tenant) |
| Manage MTGEs | Full CRUD | Read-only ("Shared Gateways") |
| Manage edges | All tenants | Own tenant only |
| Manage users | All tenants | Own tenant only |
| System settings | All tabs | Filtered subset |
| Assume identity | Yes (env-gated) | No |
| Audit log | All tenants | Own tenant |

The sidebar dynamically adjusts its menu items based on the user's role and the current tenant context.

TenantAdmin Sidebar

TenantAdmins see all standard menu groups (Home, Equipment, Network, Monitoring, Analytics, Administration) scoped to their tenant. Key differences:

| Item | SuperAdmin | TenantAdmin |
| --- | --- | --- |
| Shared Gateways | Links to /mtges (full MTGE management) | Links to /shared-gateways (read-only view) |
| Tenants (Administration) | Visible, links to /admin/tenants | Hidden |
| My Tenant | Not shown (uses Tenants list instead) | Available at /my-tenant |

SuperAdmin "All Tenants" Mode

When a SuperAdmin has no tenant selected (the "All Tenants" context), the sidebar is significantly reduced.

Note: The Tenants menu item (linking to /admin/tenants) is only visible when the SuperAdmin is in "All Tenants" mode (isSuperAdminAllTenants is true). It is hidden when a specific tenant is active in the topbar dropdown.

Visible items:

  • Home (Dashboard)
  • Equipment -- only Shared Gateways (/mtges)
  • Administration -- Users, Tenants, Audit Log, System Settings

Hidden items (require tenant context):

  • Equipment: Config Templates, Edges, Connectors, Devices, Device Groups
  • Network: Edge Peering, Policy Templates, Applications
  • Monitoring: all items
  • Analytics: all items
  • Administration: Companies, Roles & Permissions

The Dashboard shows a "Select a Tenant" prompt card explaining that a tenant must be chosen from the top dropdown to access tenant-scoped features.

Route Guards

The UI enforces access control at the routing level using two guard components:

TenantGuard

Wraps all tenant-scoped routes (Equipment, Network, Monitoring, Analytics). If a SuperAdmin navigates to a tenant-scoped route without selecting a tenant, they are redirected to /dashboard.

Protected routes include:

  • /edges, /connectors, /app-devices, /app-device-groups
  • /edge-peering, /routing-policies, /applications
  • /monitoring/*, /analytics/*
  • /admin/companies, /admin/roles, /admin/config-templates
  • /shared-gateways

SuperAdminGuard

Restricts specific routes to SuperAdmins only. Non-SuperAdmins (including TenantAdmins) are redirected to /dashboard.

Protected routes:

  • /admin/tenants -- Tenant list
  • /admin/tenants/:id -- Tenant detail
  • /mtges -- MTGE management
  • /mtges/:id -- MTGE detail
  • /mtges/:id/config -- MTGE configuration

Note: Route guards run on every navigation and cannot be bypassed by URL manipulation. Even if a TenantAdmin manually enters /admin/tenants in the browser address bar, they are immediately redirected to the dashboard.

My Tenant

TenantAdmins access their own tenant's details via My Tenant (/my-tenant) instead of the SuperAdmin Tenants list. This page shows:

  • Tenant name and details
  • Assigned edges and connectors
  • Tenant-specific configuration
  • Quick access to tenant settings

This route is available to all authenticated users but is primarily intended for TenantAdmins who cannot access the Tenants list.

Shared Gateways

The Shared Gateways sidebar item behaves differently based on role:

| Role | Path | Behavior |
| --- | --- | --- |
| SuperAdmin | /mtges | Full MTGE management (create, edit, configure, assign tenants) |
| TenantAdmin | /shared-gateways | Read-only view of MTGEs assigned to their tenant |

The TenantAdmin Shared Gateways page shows:

  • MTGE name, status, and WAN IP
  • Capacity and tenant slot information
  • Their tenant's assignment on each MTGE
  • Tunnel protocol (WireGuard or IKEv2)

TenantAdmins cannot:

  • Create, edit, or delete MTGEs
  • Modify tenant assignments
  • Access MTGE configuration pages

System Settings (Filtered Tabs)

TenantAdmins see a filtered subset of the System Settings tabs:

| Tab | SuperAdmin | TenantAdmin | Notes |
| --- | --- | --- | --- |
| General | Yes | Yes | |
| Security | Yes | Yes | |
| Discovery | Yes | Hidden | Contains orchestrator configuration |
| Notifications | Yes | Yes | SMS and Webhook toggles are disabled (coming soon) |
| Email Templates | Yes | Yes | TenantAdmins manage tenant-specific template overrides |
| Alerts | Yes | Yes | |
| Backup & Restore | Yes | Hidden | System-level operation |
| Global VSA | Yes | Hidden | Multi-orchestrator configuration |
| Defaults | Yes | Hidden | System-wide default values |

Tenant Settings Override

When a TenantAdmin changes a setting, the value is stored as a per-tenant override in the tenant_settings table. This override applies only to their tenant and does not affect the system-wide default or other tenants.

Settings are merged at read time: tenant-specific values take precedence over system defaults. Categories include general, security, notifications, email_templates, and alerts.
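
The read-time merge described above, as an added example that is not the product's own code. The tenant_settings table name and the category list come from this page; the row shape, the sample values and the function name effectiveSettings are assumptions, as is the choice to ignore override rows outside the listed categories.

```javascript
// Added example: category names are from this page; everything else
// (row shape, sample values, effectiveSettings) is hypothetical.
const TENANT_CATEGORIES = new Set([
  "general", "security", "notifications", "email_templates", "alerts",
]);

// Constructed sample data: system defaults plus tenant_settings rows.
const SYSTEM_DEFAULTS = {
  security: { session_timeout_min: 30, mfa_required: false },
  alerts: { email_on_critical: true },
  discovery: { orchestrator_url: "https://orch.example.internal" },
};
const TENANT_SETTINGS_ROWS = [
  { tenant_id: "t1", category: "security", key: "mfa_required", value: true },
  { tenant_id: "t2", category: "security", key: "session_timeout_min", value: 5 },
  { tenant_id: "t1", category: "discovery", key: "orchestrator_url", value: "https://other.example" },
];

function effectiveSettings(tenantId, defaults, rows) {
  // Copy the defaults so a tenant's merge never mutates the shared values.
  const out = {};
  for (const [category, values] of Object.entries(defaults)) {
    out[category] = { ...values };
  }
  for (const row of rows) {
    // Rows belonging to other tenants never apply.
    if (row.tenant_id !== tenantId) continue;
    // Assumption: categories outside the tenant list stay at system defaults.
    if (!TENANT_CATEGORIES.has(row.category)) continue;
    if (!out[row.category]) out[row.category] = {};
    // The tenant-specific value takes precedence over the default.
    out[row.category][row.key] = row.value;
  }
  return out;
}
```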

Email Templates

TenantAdmins can customize email templates for their tenant:

  • System-level templates (where tenant_id is NULL) serve as defaults
  • TenantAdmins can clone system defaults to create tenant-specific versions
  • Tenant-scoped templates are isolated: one tenant's changes do not affect another

Dashboard Behavior

| Context | Behavior |
| --- | --- |
| SuperAdmin + specific tenant | Full dashboard with all cards and metrics |
| SuperAdmin + "All Tenants" | "Select a Tenant" prompt card only |
| TenantAdmin | Full dashboard for their tenant (no tenant switcher) |

See Dashboard Overview for details on dashboard cards and metrics.