The tenant
or account owner will only need access to a single account, namely his own.
What we do is we add a column to the accounts table named owner_id
with the id of the user who owns the account.
In the accounts_controller we then check explicitly:
before_filter { head :forbidden unless current_account.is_owned_by?(current_user) }
Hope this helps.
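
The ownership check described in the answer above, as an added example in plain Ruby that is not part of the original answer. It keeps `owner_id`, `is_owned_by?`, `current_account` and `current_user` from the answer; the stand-in controller, `process`, `require_owner`, `status_for` and the sample users are assumptions made for illustration.

```ruby
# Added example: plain-Ruby stand-ins for the Rails model and controller.
User = Struct.new(:id)

Account = Struct.new(:id, :owner_id) do
  # Ownership is decided only by the owner_id column.
  # A missing user or an unset owner_id never counts as a match.
  def is_owned_by?(user)
    !user.nil? && !owner_id.nil? && owner_id == user.id
  end
end

class AccountsController
  attr_reader :current_account, :current_user, :status

  def initialize(current_account, current_user)
    @current_account = current_account
    @current_user = current_user
    @status = nil
  end

  # Runs the ownership filter first; the action runs only if it passes.
  def process(action)
    return @status = 403 unless require_owner
    public_send(action)
  end

  def show
    @status = 200
  end

  private

  # Stand-in for the before_filter: fail closed on any mismatch.
  def require_owner
    current_account && current_account.is_owned_by?(current_user)
  end
end

# Constructed sample data
ALICE = User.new(1)
BOB = User.new(2)
ALICE_ACCOUNT = Account.new(10, ALICE.id)

# Hypothetical helper: returns the HTTP status the request would get.
def status_for(account, user, action = :show)
  AccountsController.new(account, user).process(action)
end
```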