Table of Contents

Class TenantSuperAdmin

Namespace
KadicAuth.Domain.Entities
Assembly
KadicAuth.Domain.dll

Represents a user that has been granted tenant-level super-admin privileges. TenantSuperAdmins bypass ALL permission checks within their own tenant.

This concept lives intentionally OUTSIDE of the standard Permissions/Roles system:

  • it is not assignable via POST /api/Roles/.../permissions,
  • it does not appear in GET /api/Permissions,
  • its membership is managed only through the dedicated TenantSuperAdminController.

One row per (UserId, TenantId) pair; a user may be a super admin in one tenant but not in another.

public sealed class TenantSuperAdmin
Inheritance
object
TenantSuperAdmin

Properties

GrantedAtUtc

public DateTime GrantedAtUtc { get; }

Property Value

DateTime

GrantedByUserId

public Guid? GrantedByUserId { get; }

Property Value

Guid?

IsActive

public bool IsActive { get; }

Property Value

bool

Reason

public string Reason { get; }

Property Value

string

RevokedAtUtc

public DateTime? RevokedAtUtc { get; }

Property Value

DateTime?

RevokedByUserId

public Guid? RevokedByUserId { get; }

Property Value

Guid?

TenantId

public Guid TenantId { get; }

Property Value

Guid

UserId

public Guid UserId { get; }

Property Value

Guid

Methods

Grant(Guid, Guid, Guid?, string)

public static TenantSuperAdmin Grant(Guid userId, Guid tenantId, Guid? grantedByUserId, string reason)

Parameters

userId Guid
tenantId Guid
grantedByUserId Guid?
reason string

Returns

TenantSuperAdmin

ReGrant(Guid?, string)

public void ReGrant(Guid? grantedByUserId, string reason)

Parameters

grantedByUserId Guid?
reason string

Revoke(Guid)

public void Revoke(Guid revokedByUserId)

Parameters

revokedByUserId Guid