separation of clients in NetBox Permissions with constraints

[imix99]

Hello all,
I have been working with NetBox for some time now and would like to introduce it properly into the corp environment. The authorisation granularity is very important to me. Customer A should only see tenant group A with all tenants and all associated objects (IP addresses, VLANS, etc.) and not tenant group B.
Unfortunately, I am not at all familiar with JSON queries and have therefore tried my hand at my environment with a few older posts and other entries. I also came across [{‘tenant_id’: 1}] and got the error code:
‘Invalid filter for <class “ipam.models.fhrp.FHRPGroup”>: Cannot resolve keyword “tenant_id” into field. Choices are: auth_key, auth_type, bookmarks, comments, created, custom_field_data, description, fhrpgroupassignment, group_id, id, ip_addresses, journal_entries, last_updated, name, protocol, tagged_items, tags’.

Unfortunately, I have not yet found a good solution with the entries and the documentation.
Can anyone help me with a constraint for the restriction to tenant group A with all subordinate objects?

Thanks for helping me out

[AADIP]

FHRP groups do not have a tenant field on them so you will have to find another field to filter your permissions on there.

You will find a lot of this where certain object types do not have a tenant field. If you wanted to instead base permissions on tags, almost everything has tags support. Up to you on how you want to slice it up.

[imix99]

Thank you for your answer.
How was this authorisation intended by Netbox?
Is the point of origin for authorisation the TenantGroup or another one?