One platform, many tenants: how an MSSP runs vulnerability management across companies, teams, consulting firms, and framework agreements without a single client ever seeing another client’s data.

A managed security service provider does not run one vulnerability program. It runs many at once, for many client organizations, often through a network of consulting firms working under commercial agreements. The hard part is not the scanning. The hard part is keeping every client’s assets, findings, and reports strictly separated while still letting one operations team work the whole portfolio efficiently. This ebook shows how PMAP turns that requirement into structure. The company record is the tenant boundary, a ScopeFilter enforces it on every query, teams and consulting firms map onto the people doing the work, framework agreements track the commercial envelope, and scoped least-privilege grants make sure each person sees exactly the tenant they are entitled to and nothing more.
What you will learn
- Why the company record is the tenant boundary and how ScopeFilter enforces it on every list, export, and facet.
- How a holding and subsidiary hierarchy lets a group client stay isolated yet visible to the parent.
- How teams use three scope modes and a six-branch owner resolution chain to route work without leaking across tenants.
- How a cross-tenant consulting firm directory and qualification tracking support a vetted vendor bench.
- How framework agreements track a contracted man-day pool and recompute usage automatically as projects run.
- How RBAC scoped grants give each operator, client user, and consultant least-privilege access by company or project.
Inside this ebook
- Chapter 1. The Tenant Boundary Is the Product. An MSSP lives or dies on isolation. If one client can see another client’s findings, the practice is over. PMAP makes that boundary a structural property of the data, not a promise in a contract.
- Chapter 2. Modeling the Client Estate. Real clients are not flat. A holding group owns subsidiaries, each subsidiary has offices, and each office owns ranges of network space. PMAP models all of it while keeping every subsidiary a tenant in its own right.
- Chapter 3. Teams and Owner Resolution. Knowing which tenant an asset belongs to is half the answer. The other half is which team should own the work. PMAP routes ownership through enterprise scope modes and a six-branch resolution chain that guarantees no asset is ever orphaned.
- Chapter 4. The Consulting Firm Bench. An MSSP rarely works alone. It engages penetration-testing houses and security consultancies, and it must prove they are qualified before it puts them in front of a client. PMAP keeps a shared, vetted vendor catalog for exactly this.
- Chapter 5. Framework Agreements and Man-Day Accounting. Security work for clients is sold by capacity. A framework agreement captures the contracted pool of effort, and PMAP keeps the used and remaining figures honest as projects burn it down.
- Chapter 6. Least-Privilege Access for Every Role. An MSSP has operators, client users, and consultants, and none of them should see more than they must. PMAP grants access by role at a chosen scope, with time-bound grants and a scope cache that revokes within seconds.
Without a hard tenant boundary, findings and assets from one organization can leak to another. The boundary is not a feature you add. It is the precondition for running more than one client on one platform.
PMAP multi-tenancy principle
At a glance
- Series: PMAP Ebook
- Discipline: Multi-Tenant VM
- Audience: MSSP operator, platform admin, CISO
- Reading time: About 45 minutes
- Platform: PMAP by Privia Security
- Applies to: PMAP v2026.06