User Roles in a Multitenant Environment
Multitenant environments include a service provider and multiple tenants. Each role has distinct responsibilities and associated activities.
The service provider owns the system and manages its use by multiple tenants. The service provider can see data across all tenants. The Managed Security Service Provider (MSSP) administrator is typically responsible for the following activities:
Administers and monitors the system health of the JSA deployment.
Provisions new tenants.
Creates roles and security profiles for tenant administrators and users.
Secures the system against unauthorized access.
Creates domains to isolate tenant data.
Deploys changes that the tenant administrator made in the tenant environment.
Monitors JSA licenses.
Collaborates with the tenant administrator.
Each tenancy includes a tenant administrator and tenant users. The tenant administrator can be an employee of the tenant organization, or the service provider can administer the tenant on behalf of the customer.
The tenant administrator is responsible for the following activities:
Configures Network Hierarchy definitions within their own tenancy.
Configures and manages tenant data.
Views log sources. Can edit the log source to coalesce data and can disable log sources.
Collaborates with the MSSP administrator.
The tenant administrator can configure tenant-specific deployments, but they can't access or change the configuration for another tenant. They must contact the MSSP administrator to deploy changes in the JSA environment, including network hierarchy changes within their own tenant.
Tenant users have no administrative privileges and can see only the data that they have access to. For example, a user can have privileges to view data from only 1 log source within a domain that has multiple log sources.