Best way to achieve multi tenancy or user groups

Hi all, I’m looking on how to achieve a kind of matrix of user access control. I want to control users to have role of either user or admin, and to map each user to group/tenant. So each user would have exactly one selection of this matrix and the group entities are editable in runtime not development. Preferably I would like to control the access to entities base on this grouping  too. What would be the best way to achieve this?
2 answers

Try the marketplace app “Multi tenant administration”. Hope you can apply it.

Alternatively: Start out with adding the modules SystemManagement and Person to your application. See how these manage System.User and the Person’s roles. Add an entity ‘Team’ and folder ‘Teams’ (or a separate module if you feel up to it), having a 1-* association to Person (or System.User if you decided not to import the SysMan&Person modules), Generate overviewpages from the domainmodel and the logic.


I think I found an alternative way via  Administration module. 

The Account entity there can be linked to my apps tenant/group entity so that all users belong to one group/tenant.

Then linking all my entities to that group/tenant, allows me to restrict users to see only object that are belong to same group/tenant, the belongs to.