Class TenantSuperAdmin
Represents a user that has been granted tenant-level super-admin privileges. TenantSuperAdmins bypass ALL permission checks within their own tenant.
This concept lives intentionally OUTSIDE of the standard Permissions/Roles system:
- it is not assignable via POST /api/Roles/.../permissions,
- it does not appear in GET /api/Permissions,
- its membership is managed only through the dedicated TenantSuperAdminController.
One row per (UserId, TenantId) pair; a user may be a super admin in one tenant but not in another.
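The tenant-scoped bypass described above, as an added C# example; it is not code from the documented library. SuperAdminRow and PermissionGuard are hypothetical stand-ins, the sample rows are constructed, and the example assumes a revoked grant stays stored as a row with IsActive set to false.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample data: two users, two tenants.
Guid alice = Guid.NewGuid(), bob = Guid.NewGuid();
Guid tenantA = Guid.NewGuid(), tenantB = Guid.NewGuid();

var rows = new List<SuperAdminRow>
{
    new(alice, tenantA, IsActive: true),  // active grant, tenant A only
    new(bob, tenantB, IsActive: false),   // revoked grant (assumed to remain as an inactive row)
};
// Permissions resolved through the ordinary Roles/Permissions system.
var rolePermissions = new HashSet<(Guid, Guid, string)> { (bob, tenantB, "reports.read") };

var guard = new PermissionGuard(rows, rolePermissions);
// Active row in the same tenant: the bypass applies.
Console.WriteLine("alice, tenant A, users.delete: " + guard.IsAllowed(alice, tenantA, "users.delete"));
// Same user in another tenant: the row for tenant A must not carry over.
Console.WriteLine("alice, tenant B, users.delete: " + guard.IsAllowed(alice, tenantB, "users.delete"));
// Inactive row: no bypass, so only role-derived permissions count.
Console.WriteLine("bob, tenant B, users.delete: " + guard.IsAllowed(bob, tenantB, "users.delete"));
Console.WriteLine("bob, tenant B, reports.read: " + guard.IsAllowed(bob, tenantB, "reports.read"));

// Hypothetical stand-in carrying only the three properties the check reads.
record SuperAdminRow(Guid UserId, Guid TenantId, bool IsActive);

// Hypothetical guard, not a type from the documented library.
sealed class PermissionGuard
{
    private readonly IReadOnlyCollection<SuperAdminRow> _superAdmins;
    private readonly ISet<(Guid, Guid, string)> _rolePermissions;

    public PermissionGuard(IReadOnlyCollection<SuperAdminRow> superAdmins,
                           ISet<(Guid, Guid, string)> rolePermissions)
    {
        _superAdmins = superAdmins;
        _rolePermissions = rolePermissions;
    }

    public bool IsAllowed(Guid userId, Guid tenantId, string permission)
    {
        // The bypass requires all three: same user, same tenant, still active.
        bool bypass = _superAdmins.Any(r =>
            r.UserId == userId && r.TenantId == tenantId && r.IsActive);
        return bypass || _rolePermissions.Contains((userId, tenantId, permission));
    }
}
```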
public sealed class TenantSuperAdmin
Inheritance
- object
- TenantSuperAdmin
Properties
GrantedAtUtc
public DateTime GrantedAtUtc { get; }
Property Value
- DateTime
GrantedByUserId
public Guid? GrantedByUserId { get; }
Property Value
- Guid?
IsActive
public bool IsActive { get; }
Property Value
- bool
Reason
public string Reason { get; }
Property Value
- string
RevokedAtUtc
public DateTime? RevokedAtUtc { get; }
Property Value
- DateTime?
RevokedByUserId
public Guid? RevokedByUserId { get; }
Property Value
- Guid?
TenantId
public Guid TenantId { get; }
Property Value
- Guid
UserId
public Guid UserId { get; }
Property Value
- Guid
Methods
Grant(Guid, Guid, Guid?, string)
public static TenantSuperAdmin Grant(Guid userId, Guid tenantId, Guid? grantedByUserId, string reason)
Parameters
- userId Guid
- tenantId Guid
- grantedByUserId Guid?
- reason string
Returns
ReGrant(Guid?, string)
public void ReGrant(Guid? grantedByUserId, string reason)
Parameters
- grantedByUserId Guid?
- reason string
Revoke(Guid)
public void Revoke(Guid revokedByUserId)
Parameters
- revokedByUserId Guid