> The overall-rights-matrix on only-one-userbase makes it > difficult to wall in each of the groups, so they never > see or notice one of the others. It *is* possible, but > error-prone, if the 'groups' try to administer their own > 'set of queues'. One wrong click or 'right' and information > leaks will happen. In sigle-tenant-setups this stays > impossible and virtual hosts are relatively cheap.
An application has to be designed to be multi-tenanted from the ground up to avoid these dangers. I guess RT is not. When we design multi-tenant apps, we get so paranoid that we add a "clientID" column to each table, without exception. Don't want to mess with leaks across these walls -- clients will disappear before we know it. Shuvam -------- We're hiring! http://bestpractical.com/jobs
