Comment 27 for bug 968696

Jason (jason-ob) wrote :

I think there really needs to be at least three or four concepts here OOB: (I say 3 or 4 since 3 could just be a configuration of 2)

1) Tenant Admin - specific to that tenant only
2) Multi-tenant Admin - across a specific set of tenants
3) Global-Tenant Admin - Admin access to all tenants but not "system" actions (changing endpoints, making policy changes, etc.)
4) Global "System" Admin - God

Even in file-system ACLs, there is a distinction between RWX and RWX + modify ACL.

I also think it would be a common use case to want to manage multiple tenants at once without having to re-authenticate to each one in turn, but that's a battle I'm sure I won't win.