Overview
Parameter:LOGISCHE_MANDANTEN
Category: Default
Default value: 0
Product: eTASK.FM Portal
What does this parameter do?
This parameter enables or disables logical client management in your eTASK system. With client management enabled, you can clearly separate your data within an eTASK environment so that different organizational units, departments, or subsidiaries can use the same server while keeping their data separate.
What is this parameter used for?
Data separation within a single installation: Multiple organizational units use a shared eTASK installation, but each unit sees only its own data
Tenant-based access control: Users are granted access only to the data of the tenants for which they are authorized
Multi-tenant scenarios: Management of multiple legally or organizationally separate units within a single system
Data protection and compliance: Ensuring that sensitive data from different areas remains strictly separated
Scalable rights management: Centralized administration with simultaneous data isolation
Technical Details (for Administrators)
Format: Integer
Default value: 0
Valid values:
0= Client management disabled (default setting)1= Client management enabled
Important notes:
After activation, each record in every list must be assigned to exactly one client
Users without authorization for a client cannot access the associated records via the interface
The feature is in the late beta phase and is under continuous development
To use multiple clients, you must purchase a paid plugin
Activation affects the display of data in search fields, menus, and forms system-wide
Interaction with other parameters:
This parameter operates independently but affects the fundamental data architecture of the entire system. There are no direct dependencies on other configuration parameters.
Authorization requirements:
Before activation, ensure that at least one of the following conditions is met:
At least one person is assigned to a rights group with the "Administrator Group" option enabled
A permission group has been assigned the permission for the "Standard Client"
You have a valid login for one of these authorized users
When should you change this value?
Set the value to 1 (enable client management) if:
You want to manage multiple organizational units or subsidiaries in a single installation
Strict data separation between different areas is required
Different departments use the same server, but their data must remain separate
You need to implement a multi-tenant scenario
Data protection or compliance requirements necessitate data isolation
Leave 0 (client management disabled) if:
You operate only a single organization without internal data separation
All users should be able to access all data
The additional complexity of multi-tenant management is not required
The paid plugin for multiple clients has not been purchased
Important Notes
Risk of being locked out upon activation BEFORE activation
, ensure that at least one user with administrator rights or access to the default tenant exists and that you have their login credentials. Otherwise, you may lock yourself out of the system and require direct database access for recovery.Note the
beta status This functionality was first released in the September 2023 release and is continuously being developed. It is still in the beta phase.Paid plugin required
While the basic functionality is available, a paid plugin must be purchased to use multiple clients. Clarify licensing requirements before activation.System-wide impact
Activation affects the entire system: All lists, forms, search fields, and menus will be updated. Plan the transition carefully and inform all users in advance.
Security
Does changing this parameter affect security?
Yes, enabling client management has significant positive effects on data protection and security.
Positive aspects:
Strict data isolation between different clients prevents unauthorized access to third-party data
Improved compliance through clear data separation
Reduced risk of data leaks between organizational units
More granular access control at the data level
Compliance with data protection requirements in multi-tenant scenarios
Note:
Risk of lockout: Incorrect configuration can lead to complete system exclusion
After activation, all user permissions must be carefully configured at the tenant level
Administrators must understand the new security architecture and administer it correctly
A testing phase is required to ensure that all authorized users have access to their data
Documentation of the client structure and permissions is mandatory
Data protection assessment:
Enables the technical implementation of data separation in accordance with GDPR requirements
Supports the principle of data minimization through access restrictions
Facilitates compliance with disclosure obligations through clear data mapping
Recommendation: Activate client management only after careful planning and preparation. First, create an authorization concept and test all critical business processes. Document the configuration and train administrators before going live. Perform a full backup before activating the feature in the production environment.
Practical example
Initial situation: A facility management company manages three subsidiaries (Alpha GmbH, Beta AG, Gamma KG), all of which use the same eTASK installation. Currently, all employees can view the data of all three companies, which is problematic from a data protection perspective and leads to confusion.
Configuration: The administrator sets LOGISCHE_MANDANTEN to 1 and sets up three logical clients: "Alpha," "Beta," and "Gamma." Subsequently, all existing records are assigned to the corresponding clients, and user rights are configured on a client-specific basis.
After the change:
Employees of Alpha GmbH see only objects, tickets, and orders belonging to their company
Users at Beta AG have no access to data from Alpha GmbH or Gamma KG
Administrators can assign specific rights to individual or multiple clients
New records are automatically assigned to the client of the user who created them
Each company operates in an isolated data environment
Result: Complete data separation between the three subsidiaries while using a shared infrastructure. Data protection compliance is ensured, administrative costs are reduced, and users see only relevant data without being distracted by unrelated information.
Alternative scenarios:
Scenario A – Group with centralized IT:
Parent company has access to all clients for reporting
Subsidiaries see only their own data
IT administration is performed across all clients
Scenario B – Data transfer between clients
Set up a transfer client
Employees of Alpha GmbH transfer master data and vehicle contracts to the transfer client
Employees of Beta AG transfer vehicle master data and contracts from the transfer client to their own client
Access restrictions remain in place; there was no cross-client access
Recommended setting
For standard installations:0(Disabled)
Reason:
Most single-organization setups do not require tenant separation
The default configuration is easier to administer and results in less complexity
Beta status requires increased caution during production use
Paid plugin must be purchased first
Exceptions (activation 1 recommended):
Multi-tenant environments with multiple legally separate entities
Corporate structures with data protection requirements between subsidiaries
Service providers serving multiple clients in a single installation
Organizations with strict compliance requirements for data separation