In order to access tenant data, you must set up the database connection to use the credentials for either a user for a regular tenant or for a super-tenant. Because super-tenant's can access all users' data, establishing a database connection as a super-tenant will allow you to perform operations such as dumping and loading of data and editing sequences for any tenant. If you establish a connection with the credentials of a user for a regular tenant, you can perform operations for only that tenant.
Regardless of how you set up the connection, the operations you can perform are defined by the user data security permissions defined for the database in a series of
Can-* actions. (For more information, see
Managing multi-tenant database table security for users.) You can use wildcards to allow the performance of certain operations that any user would normally be permitted to do. Likewise, you can restrict which users can perform specific tasks. For example, by default any user can create a tenant. You can prevent this by setting up the
Can-Create action to permit only a select user to do so.