Praisma Hub LogoPraisma Hub

5.2.1 Administration — Tenant Management — Tenant Settings — Configuration

Tenant Settings allow controlled customization of platform behavior per tenant while preserving global guardrails. These settings enable organizations to tailor features, limits, and defaults to their operational needs without affecting other tenants.

Scope and Inheritance

Tenant settings are evaluated within a clear precedence model. Global system controls define defaults, while tenant settings may override only explicitly allowed keys.

Precedence order:

System defaults

Tenant overrides

Organization-level preferences where applicable

Disallowed overrides are rejected deterministically.

Configuration Domains

Tenant settings are grouped into domains to simplify governance and validation.

Common domains:

Feature enablement

Localization and language defaults

Notification preferences

Integration availabilitynEach domain exposes only safe, documented keys.

Validation and Constraints

All tenant settings are validated against schemas before persistence. Constraints prevent unsafe or conflicting configurations.

Validation rules:

Type enforcement

Allowed value ranges

Dependency checks

Example update:

TenantConfig::set('notifications.email.enabled', true);

Change Management and Auditing

Changes to tenant settings require appropriate permissions and are fully auditable.

Audit guarantees:

Actor attribution

Before/after values

Timestamped records

Example audit log:

AuditLog::record('tenant.config.updated', [ 'key' => 'notifications.email.enabled', 'value' => true ]);

Safe Rollout and Reversion

Tenant settings changes take effect immediately unless explicitly staged. Reversion to previous values is supported to mitigate misconfiguration.

Rollback characteristics:

Deterministic state restoration

No data loss

Logged actions

Visibility and Transparency

Administrators can view effective configuration values after inheritance is applied. This prevents ambiguity when debugging behavior.

Visibility includes:

Effective value

Source of value (system or tenant)

Last modification metadata

Security and Isolation

Tenant settings are strictly isolated. No tenant can read or influence another tenant’s configuration. All access checks are enforced server-side and scoped to authorized roles only.