As service provider, I want to restrict access granted to tenant administrators

Steps to reproduce

While the tenant administrator requires ROLE_UI_* to be able to get a functional administrative UI, the ROLE_UI_* cannot be used to hide elements in the admin UI which, per default, shows all UI elements to tenant administrators even if they don't have access to the respective Admin UI facade REST endpoints.

Note that this is also useful for single-tenants setups: Using the tenant administrator role, it is possible to define users that have access to all content but limited access to functionality.

Use Case: A content manager (as tenant administrator) can access all content but not pages that mainly aim at system managers (Systems tables, Organization tables)

Assignee

Sven Stauber

Reporter

Sven Stauber

Severity

Incorrectly Functioning Without Workaround

Tags (folksonomy)

None

Components

Fix versions

Affects versions

Priority

Major
Configure