optional multi-tenant capability? #10
Description
The PP is currently written on the assumption that the MDM is intended to manage a set of policies for one specific userbase. However, it may be the case that a single MDM has separate userbases and is deployed in a multi-tenant fashion. We may want to consider defining optional functionality for ensuring that data remains logically isolated in this situation (e.g. separated data at rest through different encryption keys, logical access control on MDM administrators that only grant access to one tenant).