Authenticating accesses to a shared datastore of a multi-tenant computer system

What is claimed is: 1. A method of authenticating accesses to a shared datastore, the method comprising: running, at a computer system, a shared service operable to access the shared datastore to execute requests from a plurality of multi-tenant cloud computing services including a first cloud computing service; storing, at the computer system, a first indication of a first tenant of the first cloud computing service and a first tenant grouping indicator, wherein the first tenant and one or more other tenants of the plurality of the multi-tenant cloud computing services are associated with the first tenant grouping indicator; receiving, at the shared service running on the computer system from the first cloud computing service, a first request to the shared service, wherein the first request includes an indication of the first tenant and the first tenant grouping indicator; authenticating, by using the computer system, the first request by (a) cryptographically verifying the first request and (b) verifying that the first tenant is associated with the first tenant grouping indicator; and in response to authenticating the first request, accessing, by the shared service running on the computer system, the shared datastore to execute the first request. 2. The method of claim 1 , wherein the first request includes a first token that includes an indication of the first tenant and the first tenant grouping indicator; wherein accessing the shared datastore to execute the first request includes the shared service sending the shared datastore a second token that includes an indication of the shared service and the first token; and wherein the second token is usable by the shared datastore to authenticate the first request, authenticate the accessing by the shared service, and verify that the first tenant is associated with the first tenant grouping indicator. 3. The method of claim 2 , wherein the first token includes an indication of a primary tenant associated with the first tenant grouping indicator and an indication of the shared service; and wherein the second token includes an indication that the second token is a proxy token and targets the shared datastore. 4. The method of claim 1 , further comprising: determining, using the computer system using a hierarchy of data protection scopes including a shared service tenant group data protection scope corresponding to the first tenant grouping indicator, that the first request is authorized. 5. The method of claim 1 , further comprising: storing, at the computer system, a second indication of a second tenant of a second cloud computing service, wherein the second tenant is associated with the first tenant grouping indicator; and in response to authenticating a second request from the second cloud computing service, accessing, by the computer system using the shared service, the shared datastore to execute the second request; wherein the first tenant and the second tenant correspond to the same entity; and wherein accessing the shared datastore to execute the first request includes writing a value to the shared datastore and the accessing the shared datastore to execute the second request includes reading the value from the shared datastore. 6. The method of claim 1 , further comprising: storing, at the computer system, a second indication of a second tenant of a second cloud computing service, wherein the second tenant is associated with the first tenant grouping indicator; and wherein tenancy in the first cloud computing service is defined by a first set of parameters and tenancy in in the second cloud computing service is defined by different, second set of parameters. 7. The method of claim 1 , further comprising: running, at a computer system, a second shared service operable to access the shared datastore to execute requests from a plurality of multi-tenant cloud computing services, wherein the second shared service is operable to authenticate requests made to the second shared service from the plurality of multi-tenant cloud computing systems using the first tenant grouping indicator; wherein tenant grouping is the only representation of trust relationships between tenants of the plurality of multi-tenant cloud computing services used by the shared service and the second shared service to authenticate requests. 8. The method of claim 1 , wherein accessing the shared datastore to execute the first request includes accessing a particular directory of the shared datastore corresponding to the shared service and the first tenant group indicator and updating a value stored in the particular directory, wherein the particular directory is logically isolated from other directories corresponding to other tenant group indicators. 9. A non-transitory, computer-readable storage medium storing program instructions that are capable of being executed by a computer system to perform operations comprising: running, at a computer system, a shared service operable to access a shared datastore to execute requests from a plurality of multi-tenant cloud computing services including a first cloud computing service; storing, at the computer system, a plurality of tenant grouping indicators, wherein a given tenant grouping indicator is associated with a given set of tenants of the multi-tenant cloud computing services; receiving, at the computer system from a first cloud computing service, a first request to the shared service, wherein the first request includes an indication of a first tenant and a first tenant grouping indicator; authenticating, using the computer system, the first request by (a) cryptographically verifying the first request and (b) verifying that the first tenant is associated with the first tenant grouping indicator; and in response to authenticating the first request, accessing, by the shared service running on the computer system, the shared datastore to execute the first request. 10. The non-transitory, computer-readable storage medium of claim 9 , wherein the first request includes a first token that includes an indication of the first tenant and the first tenant grouping indicator; wherein accessing the shared datastore to execute the first request includes the shared service sending the shared datastore a second token that includes an indication of the shared service and the first token; and wherein the second token is usable by the shared datastore to authenticate the first request, authenticate the accessing by the shared service, and verify that the first tenant is associated with the first tenant grouping indicator. 11. The non-transitory, computer-readable storage medium of claim 10 , wherein the first token includes an indication of a primary tenant associated with the first tenant grouping indicator and an indication of the shared service; and wherein the second token includes an indication that the second token is a proxy token and targets the shared datastore. 12. The non-transitory, computer-readable storage medium of claim 9 , wherein the operations further include: determining, using a hierarchy of data protection scopes including a shared service tenant group data protection scope corresponding to the first tenant grouping indicator, that the first request is authorized. 13. The non-transitory, computer-readable storage medium of claim 9 , wherein the operations further include: running, at a computer system, a second shared service operable to access the shared datastore to execute requests from a plurality of multi-tenant cloud computing services, wherein the second shared service is operable to authenticate requests made to the second shared service from