TRACING-5851: Clarify tenancy model in Distributed Tracing

Signed-off-by: Andreas Gerstmayr <[email protected]>

Author: andreasgerstmayr

observability/distr_tracing/distr-tracing-tempo-installing.adoc

@@ -69,7 +69,10 @@ include::modules/distr-tracing-tempo-object-storage-setup-ibm-storage.adoc[level
 [id="configuring-permissions-and-tenants_{context}"]
 == Configuring the permissions and tenants
 
-Before installing a `TempoStack` or `TempoMonolithic` instance, you must define one or more tenants and configure their read and write access. You can configure such an authorization setup by using a cluster role and cluster role binding for the Kubernetes Role-Based Access Control (RBAC). By default, no users are granted read or write permissions. For more information, see "Configuring the read permissions for tenants" and "Configuring the write permissions for tenants".
+Before installing a `TempoStack` or `TempoMonolithic` instance, you must define one or more tenants and configure their read and write access.
+Tenant access is managed globally and not per instance.
+Therefore, granting access to a tenant grants access to this tenant in all `TempoStack` and `TempoMonolithic` instances.
+You can configure such an authorization setup by using a cluster role and cluster role binding for the Kubernetes Role-Based Access Control (RBAC). By default, no users are granted read or write permissions. For more information, see "Configuring the read permissions for tenants" and "Configuring the write permissions for tenants".
 
 [NOTE]
 ====