Tenant Member with Viewer Role Can Create Tenant and Update Tenant Settings

Overview

A tenant member has the “Viewer - Users” and “Viewer - Config Settings” roles. With these roles, the member can create a new tenant and update the settings under Tenant Settings > Advanced > Migration.

Solution

As per the current design, tenant members with any viewer, editor, or admin role can create a tenant. Please feel free to create a feedback item here if it is desired for the viewer roles not to have access to create a tenant.

For the “Allows use of custom extensions” option, it seems it can be switched off from the enabled options under Migration, but the following error message is received on save, which prevents any changes from being made:

Error! Something happened while trying to save your settings: Insufficient scope, expected any of: update:tenant_settings.

For details about this error, please consult Receive the Insufficient Scope Error When Updating Tenant Settings.
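
The error above shows that the save depends on the update:tenant_settings scope, not on whether the toggle can be clicked in the dashboard. The following added example (not Auth0's code) decodes a token payload and reproduces that "any of" scope check; both tokens are constructed, unsigned samples and their scope sets are assumptions.

```python
import base64
import json

# Scope named in the error message on this page.
REQUIRED_ANY_OF = ("update:tenant_settings",)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def token_scopes(jwt: str) -> set:
    """Scopes in a JWT payload. Diagnostic decode only: the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    scope = claims.get("scope", "")
    # OAuth 2.0 "scope" is a space-delimited string; tolerate a list as well.
    return set(scope.split() if isinstance(scope, str) else scope)


def explain_save(jwt: str, required_any_of=REQUIRED_ANY_OF):
    """Return (allowed, message) for a settings save made with this token."""
    if token_scopes(jwt) & set(required_any_of):
        return True, "ok"
    return False, "Insufficient scope, expected any of: " + ", ".join(required_any_of)


def make_sample_token(scope: str) -> str:
    """Build a constructed, unsigned sample token for the demonstration."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"sub": "constructed-user", "scope": scope}).encode())
    return f"{header}.{body}.sig"


# Constructed samples; the scope sets are assumptions, not a documented role mapping.
READ_ONLY_TOKEN = make_sample_token("read:users read:tenant_settings")
WRITE_TOKEN = make_sample_token("read:tenant_settings update:tenant_settings")

if __name__ == "__main__":
    for name, tok in (("read-only", READ_ONLY_TOKEN), ("write", WRITE_TOKEN)):
        print(name, explain_save(tok))
```

An API enforcing this check must verify the token signature before trusting the scope claim; the unverified decode here is only for inspecting why a save would be refused.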