As described in [Overview of the Security Model](🔗), Multi-Tenancy is a great way to give a control of Opsview Monitor to your end users. It does so by allowing them to create new Hosts and further Roles and Users all within their own secure, private environment.
To use Multi-Tenancy, you must first ensure that your User's Role has the CONFIGURETENANCIES option checked. This option is located within the 'Configuration' tab, as shown below:
By default, this option is disabled. Once the option is enabled, you should be able to see 'Multi-Tenancy' under the Configuration menu.
## Adding a Tenancy
To add a new Tenancy, navigate to 'Multi-Tenancy' within the Configuration menu. A screen similar to the one below is displayed:
Click on the 'Add New' button which will display a window as shown below.
In the above example, we are creating a new Tenancy based on the 'Opsview Servers' Role. This Role has access to view and modify only the hosts within the 'Monitoring Servers' Host Group, and can only view Service Checks on those Hosts that are within the service group 'Application ' Opsview'.
Note: Primary roles are not allowed to have any of the following accesses: ADMINACCESS, CONFIGURETENANCIES, CONFIGUREVIEW, CONFIGUREKEYWORDS, VIEWALL, ACTIONALL, TESTALL, NETFLOW, CONFIGURENETFLOW, REPORTADMIN, BSM, CONFIGUREBSM, CONFIGUREBSMCOMPONENT
After clicking 'Submit', the new Tenancy is added:
**Note:** Once the primary role and the multi tenancy definition have been associated (Configuration --> Multi-Tenancy) the primary role cannot be changed, although an administrator can edit the permissions for that role. Opsview will automatically ensure that all other roles in that tenancy will not have more permissions than the primary role.
Now, when a User with the 'Opsview Servers' role logs in, he will be able to add Hosts, create Roles (if the Role 'Opsview Servers' allows), and so on, all based on the Hosts and Service Checks that the primary Role is configured to allow Users to view and edit.