Multitenancy `global?` authorization question
https://hexdocs.pm/ash/multitenancy.html#attribute-multitenancy
Could you please provide a brief example of what incorporating this into authorization rules would look like?
My specific issue is that I have an
Having articulated that, I think what I actually want is to just exempt the
Some personal context: I'm new to Ash, but I have a basic app working, and have written a couple
If you want to enable running queries without a tenant as well as queries with a tenant, theglobal?option supports this. You will likely need to incorporate this ability into any authorization rules though, to ensure that users from one tenant can't access other tenant's data.
Could you please provide a brief example of what incorporating this into authorization rules would look like?
My specific issue is that I have an
Invite resource, used to invite users to the org, and the accept action for this resource needs only a code, but all the CRUD actions for admin to create invites obviously require a tenant. Adding global? true under multitenancy fixes accept, but I'm not sure how to adjust my policies to then require a tenant for the CRUD actions.Having articulated that, I think what I actually want is to just exempt the
accept action from the tenant requirement. Is there perhaps a way to do that?Some personal context: I'm new to Ash, but I have a basic app working, and have written a couple
Ash.Policy.SimpleChecks, so I have a rudimentary grasp of authorization, I'd say. Oh, and great work on Ash by the way! 
