i am expanding some apps from a single customer to multi tenant ,
can any one check my questions?
1 - what is a better authentication ,- user, app or groups? most examples are on group auth but in multi tenant situation , a tenant admin needs to manage their sub tenant users.
2 - when a tenant is authenticated , i keep the current tenant id as a global variable for data filtering. is it safe ? can users access the session data and change the current tenant/global variables and be able to see other tenants data?
thanks all in advance,
have a great day!