Murano/Specifications/Per Tenant Isolation
Per-Tenant Isolation (for Murano-v0.4)
Murano Metadata Repository Server was introduced in Murano-v0.4 release. But there is no any restrictions: any user is able to edit any service definition or file. To prevent that new per-tenant isolation feature would be added to murano-v0.4.1 release.
In current implementation all files are grouped by data types and stored in corresponding directories. All those directories are located inside "Servicies" derectory along with manifests files (service definitions). Since Metadata Server works on file system the best solution for data isolation would be dividing data into separate folders. Each tenant for an each user. Users belong to the same tenant will have equal rights on file modification.