A tenant hierarchy is a structured tenant group that is created or modified when you create a tenant under a parent tenant. The tenant becomes a subtenant of the parent and higher tenants (if any) in that hierarchy.The service provider or the primary tenant administrator can create multiple unrelated hierarchies but you can define standalone tenants as well.

A subtenant typically represents a subdivision within its super tenants. A subtenant can have its own business rules, workflow, Reports and UI customization etc, and super tenant’s meta-data is inherited by the subtenant automatically on a read-only basis for selected functionalities.

CelloSaaS supports tenant hierarchy of unlimited depth i.e. Sub tenants can be created up to nth level. However, the service provider or the primary tenant can specify a limit on the total number of tenants. The service provider also determines whether individual tenants can have subtenants.

The concept of Tenant hierarchy is largely used in many domains/products. For Example in large organizations it makes it easier to manage users across departments or for resellers to keep accounts or companies segregated appropriately.

There are many questions raised while we discuss about this concept, they are

1. How many administrators should we allow within a tenant?

The answer is ‘n’. You can create as many Administrators as you want to manage a tenant.

2. If an administrator of one lower-level tenant needs to be also the administrator of another lower-level tenant, does that get into the domain model?

Yes absolutely, by using the concept of User sharing/ Account linking, where in a user of a tenant can be a shared with other tenant(s), in which he can play any of the tenant’s own roles. Please refer User sharing

3. What changes, if any, are needed to secure admin functions (CRUD users for example) to the lower-level tenants? Ex: Lower level admin can only perform admin functions on their tenant.

Yes, the administrator can set different privileges for different roles, in CelloSaaS; a user who has the certain privilege can only do certain actions.

Below are the variety of Tenant models supported by Cello Framework.

Parent Tenant

Immediate Parent Tenant

All the sub/child tenants under the primary tenant

The immediate child tenants under the primary tenants

All Bottom Tenant