On this page

Search

Typically in Totara Engage public content (such as public workspaceslibraries or contributions) is available to all users.

However, when using multitenancy on your site there are restrictions on how users from different tenants can interact, and the Totara Engage content available to users.

Multitenancy rules

As a general rule, users in different tenants will not have any access to Totara Engage content from other tenants, while Site Administrators can access content from all tenants. Guest users, however, cannot access any Totara Engage content that has been created within a tenant or see tenant users. 

Tenant participants (users who are assigned to multiple tenants, such as Trainers) can access libraries in the tenants they're assigned to. System-level users (i.e. users who are not assigned to any tenants) can access any system-level content and interact with other system-level users. If tenant isolation is disabled then system-level users will also be able to access tenants' libraries.

Tenant participants and Site Administrators can also add users from other tenants to a workspace if tenant isolation is disabled. These users will be able to see discussion posts from the tenant they're added to, but won't be able to view tenant users' profiles.

User profile visibility

In Totara Engage there are a number of reasons to view other users' profiles. For example, you may want to view another user's library and contributions.

When using multitenancy there are restrictions that can be placed on which profiles users can view and access. Below is an overview of these restrictions.

Use caseTenant isolation on Tenant isolation off
Member from one tenant can see the profile of users from other tenantsNoNo (or read-only profile summary card only)
Tenant participant can see profiles of members in tenants to which they are assignedYes Yes
Site/System Administrator (or similar role with elevated permissions) can see profiles of tenant members, tenant participants and system-level usersYesYes
System-level users can see profiles of tenant membersNoYes
System-level users can see profiles of tenant participantsYesYes
System-level users can see profiles of Site Administrators or other system-level users with elevated permissionsYesYes

Tenant member can see profiles of Site Administrators or other system-level users with elevated permissions

NoYes
Tenant member can see profiles of system-level usersNoYes

Workspace collaboration

When using multitenancy restrictions can be placed upon which workspaces users can join. Below is an overview of the rules for adding users to tenants based on tenant membership.

Use caseTenant isolation on Tenant isolation off

Tenant members can add members from other tenants to their own workspace

NoNo

Tenant members can add tenant participants (assigned to their tenant) to their own workspace

YesYes
Tenant members can add Site Administrators to their own workspaceNoNo
Tenant members can add system-level users to their own workspaceNoNo

Tenant participants can add tenant members (in the tenants they participate in) to their own workspace

NoYes

Tenant participants can add participants in their tenant(s) to their own workspace

YesYes

Tenant participants can add Site Administrators (or other system-level users with elevation permissions) to their own workspace

YesYes

Tenant participants can add system-level users to their own workspace

YesYes

Site Administrators can add tenant members to their own workspace

NoYes

Site Administrators can add tenant participants to their own workspace

YesYes

Site Administrator can add other Site Administrators (or other system-level users with elevated permissions) to their own workspace

YesYes

Site Administrator can add system-level users to their own workspace

YesYes

System-level users can add tenant members to their own workspace

YesNo

System-level users can add tenant participants to their own workspace

YesYes

System-level users can add Site Administrators to their own workspace

NoYes

System-level users can add other system-level users to their own workspace

YesYes

Tenancy change rules

In some cases users may be moved between tenants. In these cases, the following rules will apply to existing content:

  • Workspaces created by the user remain in the original tenant
  • Resources, playlists and surveys are moved with the user and subject to the cross-tenancy rules
  • The user's resources and surveys will disappear from playlists of other tenant users after the transfer if tenant isolation is enabled
  • The user's comments (e.g. on resources) will remain in the original tenant
  • The user will lose access to workspaces in the original tenant
  • The user's profile will no longer be available in the original tenant
  • When multitenancy isolation is on - users cannot see any libraries or workspaces from other tenants
  • Data about shared content is not removed, but is not taken into account when getting data from the database since it is different tenants


© Copyright 2021 Totara Learning Solutions. All rights reserved.

Provide feedback about this page using the link in the bottom right of this page. 

 Still have questions? 

Why not post them in the forums on the Totara Community?



  • No labels