User tenancy based access control - Federation

We have recently added "tenancy" to the project.
With tenancy, every resource have a tenant, where resource can be a delivery-service, a server (future) and even a user.
We are now starting to enforce access-control based on the resource tenancy. A user can manage a resource only if the resource is under the user tenancy.

This JIRA deals with another step of "user as a resource" - enforcing access control on the management of federations.
We still need to finalize the specification of this access control, maybe add tenancy to the federation itself, and it would not be included in the first phase of tenancy introduction.