Securing the Multitenant Portal
Environment 
Securing the multitenant portal environment is important to ensure:
· Total isolation of the content for each tenant.
Content for all tenants exists in a single portal infrastructure; this means that the portal content customized for each tenant must be accessible only by that tenant.
· Log and trace files generated in the portal are not exposed to any tenant.
· iViews developed for a tenant are protected by the security mechanisms in the portal.
The service provider must institute and enforce security policies that protect the storage and access to customized data for tenants. The following are some of the security mechanisms available in the portal:
Security Mechanism |
Description |
Authentication and Access Control |
Only authenticated portal users with the proper level authority can access content designated for them. |
Protocols |
Providers can implement protocols and standards such as, Secure Socket Layer (SSL), to ensure that data transferred over the network is not intercepted. An additional security measure is to encrypt data transferred through these protocols. |
Portal administration |
Specifically, the super administration and the tenant administration tasks must be performed by personnel of the provider. These portal administrators can access, view, and edit, all the content in the portal landscape. |
Developing portal content |
iViews developed by the provider for a tenant must be protected by the authentication and permissions mechanisms in the portal. Such iViews must not be stored in caches, and they should not have the shared-caching attribute if they deliver sensitive information. |
All security
aspects necessary for implementing a standard portal environment are covered
in the 
Portal
Security Guide.
For additional security aspects in a multitenant portal environment, see the following:
· Securing the Multitenant Portal Environment