Tenants

The Tenants view provides comprehensive management capabilities for multi-tenant DataStream deployments. This interface enables administrators to create, monitor, and manage separate tenant organizations with dedicated resource allocations and complete data isolation.

---

To access the Tenants view:

• Go to the Home > Organization pane
• Click Manage Tenants

-or-

• Click the hamburger menu on the top left
• Select Organization > Tenants

The view contains the following essential components:

• Search tenants - Filter tenants by company name or owner
• Status filter - Show tenants by status (All, Active, Inactive)
• Add new tenant - Create new tenant organizations
• Tenant table - Display tenant details and management options
• Items per page - Control pagination settings
• Action menu - Access tenant-specific operations

Tenant Table

The table displays all tenant organizations with their operational status and resource usage:

• Company Name - Tenant organization identifier
• Account Owner - Primary administrative contact
• Data Ingestion Limit - Allocated daily processing capacity (GB)
• Av. Daily Data Ingest - Current usage percentage of allocated limit
• Status - Tenant operational state (Enabled/Disabled)

Tenant Actions

The Action Menu (⋮) in the tenant table provides quick access operations:

• View company details - Access detailed tenant information and settings
• Log in to tenant - Switch context to manage tenant-specific configurations

Tenant Detail View

Selecting a tenant from the table opens the detailed tenant management interface with comprehensive operational controls organized into tabbed panels.

Detail View Navigation

The tenant detail view provides four primary management panels:

• Tenant Details - Company information, configuration settings, and resource limits
• Plan Usage - Resource consumption tracking and capacity monitoring
• Activity Logs - Tenant-specific audit trail and activity history
• Access Requests - Temporary access management and permission delegation

Detail View Actions

The Actions menu in the detail view provides tenant-specific operations that vary based on current tenant status:

Available for All Tenants:

• Log in to tenant - Switch context to the selected tenant organization

Active Tenant Operations:

• Disable tenant - Deactivate tenant access while preserving data

Inactive Tenant Operations:

• Enable tenant - Restore access to previously disabled tenant
• Delete tenant - Permanently remove tenant and all associated data

Access Requests

The Access Requests system enables time-limited permission delegation for tenant access, allowing administrators to grant temporary access to users with specific permissions and automatic expiration. This feature supports controlled collaboration and audit compliance for sensitive tenant operations.

Access Request Overview

Navigate to the Access Requests tab within a tenant detail view to manage temporary access permissions.

The access requests table displays:

• User - Email address of the user requesting access
• Status - Current request state (Active, Pending, Expired, Revoked, Rejected)
• Expiration - Access expiration date and time with relative countdown
• Permissions - Count of granted permissions with detailed breakdown
• Actions - Request-specific operations menu

Access Request Status

Access requests progress through defined lifecycle states:

• Pending - Request created but not yet active
• Active - Currently valid access with permissions applied
• Expired - Access period ended, permissions automatically revoked
• Revoked - Manually cancelled before expiration
• Rejected - Request denied by administrator

Create Access Request

1. Navigate to Access Requests

   • Open tenant detail view
   • Select Access Requests tab
   • Click Create new access request

2. Select User and Duration

   • User: Choose target user from dropdown
   • Request Note: Document justification for access
   • Expiration: Set access end date/time or select preset duration

3. Configure Permissions

   Access requests support two configuration methods:

   Basic Configuration:

   • Select from predefined custom roles
   • Single role selection grants complete permission set
   • Simplified workflow for standard access patterns

   Advanced Configuration:

   • Granular permission selection by access group
   • Select specific permissions from categorized groups
   • Search and filter available permissions
   • Select all or remove all permissions per group
   • Save custom selections as reusable custom role

4. Review and Submit

   • Review selected permissions in summary panel
   • Verify user, expiration, and permission details
   • Submit request for activation

Access Request Actions

The Action Menu (⋮) for each access request provides status-appropriate operations:

All Requests:

• See details - View complete request information including full permission list

Active Requests:

• Extend access time - Modify expiration date to extend access period

Active and Pending Requests:

• Revoke access - Immediately cancel access and remove permissions

All Requests:

• Clone access request - Duplicate configuration for similar access needs

Managing Pending Access Requests

When access requests are submitted, administrators can review and respond to pending requests through the Access Requests interface.

Pending Request Actions:

The Action Menu (⋮) for pending requests provides:

• Manage request - Open detailed request view with approval options

Request Detail Drawer:

When managing a pending request, a side panel displays comprehensive request information:

Request Information:

• Requesting User - Full name of the user requesting access
• Request Send For - Email address of the requesting user
• Request Time Limit - Duration of requested access period
• Request Note - Justification provided by the requesting user
• Permission Status - Current request state (Pending)
• Permissions Expires At - Scheduled expiration date and time
• Full Permission List - Complete breakdown of all requested permissions organized by access group

Approval Actions:

The drawer provides two response options:

1. Approve Request

   • Grants all requested permissions to the user
   • Activates access immediately
   • Changes request status from "Pending" to "Active"
   • Records approving administrator and timestamp in audit trail

2. Reject Request

   • Denies access request without granting permissions
   • Changes request status from "Pending" to "Rejected"
   • Records rejecting administrator and timestamp in audit trail
   • User must submit new request if access is still needed

Response Tracking:

After approval or rejection, the access request table displays:

• Action Taken By - Administrator who approved or rejected the request
• Action Taken At - Timestamp when the response was recorded

Notification Workflow:

• Success notifications confirm approval or rejection actions
• Failed actions display error messages requiring retry
• All actions are logged in tenant activity history

Permission Management

Custom Role Creation: When using Advanced Configuration, administrators can save permission selections as reusable custom roles:

1. Select desired permissions from access groups
2. Click Save as custom role
3. Provide role name and description
4. Custom role becomes available for future Basic Configuration selections

Configuration Method Switching: Administrators can switch between Basic and Advanced configuration methods during request creation. Switching between methods clears current selections.

Access Request Monitoring

Expiration Tracking: The system displays expiration dates with relative time indicators:

• Hover over expiration date to view countdown (e.g., "expires in 3 days")
• Expired requests show "expired at" with timestamp
• Visual status tags indicate current state

Search and Filtering:

• Search access requests by user email
• Filter requests by status
• Paginate through request history

Multitenancy Management

VirtualMetric DataStream multitenancy enables enterprises to allocate licensed resources to other organizations, creating isolated tenant environments for independent telemetry processing. Each tenant operates with dedicated resource allocations, separate configurations, and complete data isolation while sharing the underlying DataStream infrastructure.

Create New Tenant

1. Access Tenant Management

   • Navigate to Organization → Tenants
   • Click Create New Tenant button

2. Configure Tenant Details

   • Tenant Name: Unique identifier for the organization
   • Owner: Primary contact for the tenant
   • Status: Set to Active to enable access
   • Parent Tenant: Select parent for hierarchical structure (optional)

3. Set Resource Limits

   • Data Ingestion Limit: Daily data processing threshold
   • User Limit: Maximum number of users allowed
   • Storage Limit: Data retention capacity restrictions
   • Pipeline Limit: Maximum concurrent processing pipelines

4. Subscription Configuration

   • Plan ID: Select appropriate service tier
   • Edition ID: Choose feature set availability
   • Subscription ID: Link to billing subscription

Tenant Hierarchy Management

Parent-Child Relationships: Tenants can be organized hierarchically for enterprise management.

• Parent Tenant: Controls child tenant configurations and limits
• Child Tenant: Inherits parent restrictions and policies
• Data Isolation: Each tenant has completely isolated data processing and storage

Subtenant Management

Create subtenants for departmental or project-specific data isolation:

1. Create Subtenant

   • Navigate to tenant → Subtenants section
   • Click Add Subtenant
   • Configure name, owner, and resource allocations

2. Subtenant Properties

   • Owner Email: Administrative contact
   • Usage Tracking: Monitor data ingestion against limits
   • Independent Configuration: Separate devices, pipelines, and targets

Disable/Delete Tenant

Disable Tenant:

1. Navigate to Tenants management
2. Select target tenant
3. Change Status to Inactive
4. Tenant retains data but loses access

Delete Tenant:

1. Prerequisites: Tenant must be inactive and data exported
2. Navigate to tenant settings
3. Click Delete Tenant (requires confirmation)
4. Warning: This permanently removes all tenant data and configurations

Tenant Access Control

Each tenant maintains independent:

• User accounts and roles
• Device configurations
• Processing pipelines
• Target destinations
• Audit logs and monitoring

Users cannot access data or configurations from other tenants, ensuring complete isolation.

Resource Monitoring

Track tenant usage through:

• Daily data ingestion volume
• Active user count
• Storage consumption
• Pipeline execution statistics

Alerts trigger when tenants approach configured limits.