There are a couple of ways to achieve this. Let me jot down my views. Base 1. Have a design that allows you to mark which entity data are accessible to which tenant's users.
Scenario 1: Unified View Data listing based on tenant accessibility. In this scenario, the end user will be viewing the entire set of data as per the permission from each tenant.
Scenario 2: single tenant view The logged in user has to switch to the context of a tenant to view the data that this user can view. In this case, the user by default can view his own tenant data, upon requirement to view the service admin data, he has to impersonate himself as a service admin user (impersonation comes into picture since he is given view access to some part of the data.).
Scenario 2 is bit easy and robust in implementation point of view.
Share with us your understanding.