Topological query in multi-tenancy environment

US9703834B2 · US · B2

Patent metadata

Publication number: US-9703834-B2
Application number: US-201214386633-A
Country: US
Kind code: B2
Filing date: Mar 26, 2012
Priority date: Mar 21, 2012
Publication date: Jul 11, 2017
Grant date: Jul 11, 2017


Abstract


Each node of a topological database that represents an information technology environment with multi-tenancy capability represents a configuration item within the environment and is characterized by a tenant authorization rule that indicates a list of tenants that are authorized to access the corresponding configuration. An unrestricted result to an unrestricted query is obtained, the unrestricted query being representable as a sub-graph isomorphism. The unrestricted result includes groups of nodes of the database that satisfy the isomorphism. A tenant query is applied to the unrestricted result to obtain an authorized result, the tenant query being representable by the same sub-graph isomorphism as the unrestricted query. The authorized result includes identification of any of the groups whose component nodes are each characterized by a TAR that authorizes access by the querying tenant. A notification is issued to the querying tenant on the basis of the obtained authorized result.

First claim


We claim:

1. A method comprising: accessing a topological database with multi-tenancy capability that represents an information technology environment, each node of the topological database representing a configuration item within the environment, each node being characterized by a tenant authorization rule (TAR) that indicates a list of tenants of the topological database that are authorized to access the configuration item that corresponds to that node; obtaining an unrestricted result to an unrestricted query, the unrestricted query being representable as a first sub-graph isomorphism, the unrestricted result to the unrestricted query including any groups of the nodes of the topological database that satisfy the first sub-graph isomorphism; modifying the unrestricted query by incorporating a TAR condition into the unrestricted query to create a modified query; applying the modified query to the unrestricted result to obtain an authorized result, the modified query being representable by a second sub-graph isomorphism that is substantially of the same form as the first sub-graph isomorphism representation of the unrestricted query, the authorized result including identification of any of the groups whose component nodes are each characterized by a TAR that authorizes access by the querying tenant; and issuing a notification on the basis of the obtained authorized result.

2. The method of claim 1, wherein the information technology environment comprises a managed service provider (MSP), and wherein each configuration item represents a resource of the MSP.

3. The method of claim 1, wherein obtaining the unrestricted result comprises repeatedly submitting an active query to the database.

4. The method of claim 3, wherein the modified query is applied to the unrestricted result when a change is detected in the unrestricted results obtained from successive submissions of the active query.

5. The method of claim 1, comprising comparing the obtained authorized result with a previously obtained authorized result.

6. The method of claim 5, wherein the issuing the notification comprises indicating a difference between obtained authorized result and the previously obtained authorized result.

7. The method of claim 1, wherein applying the modified query comprises applying the modified query to a stored unrestricted result.

8. The method of claim 1, comprising: receiving a user query submitted by a user; and determining that a related unrestricted result does not exist for the user query.

9. A non-transitory computer readable medium having stored thereon instructions that when executed by a processor will cause the processor to: receive a tenant query to a topological database with multi-tenancy capability from a tenant of topological database, wherein each node of the topological database represents a configuration item within an information technology environment, each node being characterized by a tenant authorization rule (TAR) that indicates a list of those tenants that are authorized to access the configuration item that corresponds to that node, and wherein the tenant query is representable as a first sub-graph isomorphism of the topological database; obtain an unrestricted result to an unrestricted query to the topological database, a second sub-graph isomorphism of the unrestricted query having substantially the same form as the first sub-graph isomorphism of the tenant query, the unrestricted result including any groups of the nodes of the topological database that satisfy the second sub-graph isomorphism of the unrestricted query; modifying the unrestricted query by incorporating a TAR into the unrestricted query to create a modified tenant query; apply the modified tenant query to the obtained unrestricted result to obtain an authorized result, the authorized result including identification of any of the groups whose component nodes are each characterized by a TAR that authorizes access by the tenant; and issue a notification on the basis of the obtained authorized result.

10. The non-transitory computer readable medium of claim 9, wherein the environment comprises a managed service provider (MSP), and wherein each configuration item comprises a resource of the MSP.

11. The non-transitory computer readable medium of claim 9, wherein the instruction to obtain the unrestricted result comprises instruction to retrieve a stored result of the unrestricted query.

12. The non-transitory computer readable medium of claim 9, wherein the instruction to obtain the unrestricted result comprises instruction to submit the unrestricted query to the topological database.

13. The non-transitory computer readable medium of claim 12, wherein the instruction to submit the unrestricted query comprises instruction to repeatedly submit an active query to the topological database and to store the unrestricted result.

14. The non-transitory computer readable medium of claim 13, wherein the instruction to apply the modified tenant query to the obtained unrestricted result comprises instructions to apply the modified tenant query when a change is detected in the unrestricted result.

15. The non-transitory computer readable medium of claim 9, comprising instructions to compare the obtained authorized result with a previously obtained authorized result.

16. The non-transitory computer readable medium of claim 15, wherein the notification to the tenant comprises an indication of a difference between the obtained authorized result and a previously obtained authorized result.
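The flow described in the abstract and in claim 1, as an added sketch that is not code from the patent or its owners: one unrestricted sub-graph match is computed, then filtered per tenant so that a group survives only if every component node's TAR lists that tenant, and successive authorized results are diffed for the notification. The node names, tenants, three-node pattern and brute-force matcher are all constructed assumptions.

```python
from itertools import permutations

# Constructed sample CMDB: node id -> (CI type, TAR = tenants allowed to see it)
NODES = {
    "web1": ("server", {"acme", "globex"}),
    "web2": ("server", {"globex"}),
    "db1": ("database", {"acme"}),
    "db2": ("database", {"globex"}),
    "san1": ("storage", {"globex"}),
}
# Directed relationships between configuration items (constructed)
EDGES = {("web1", "db1"), ("web1", "db2"), ("web2", "db2"),
         ("db1", "san1"), ("db2", "san1")}

# Query pattern (the sub-graph to match): server -> database -> storage
PATTERN_TYPES = ("server", "database", "storage")
PATTERN_EDGES = ((0, 1), (1, 2))

def unrestricted_query(nodes, edges):
    """Every group of nodes that matches the pattern, ignoring tenancy."""
    groups = []
    for cand in permutations(nodes, len(PATTERN_TYPES)):
        types_ok = all(nodes[n][0] == t for n, t in zip(cand, PATTERN_TYPES))
        edges_ok = all((cand[a], cand[b]) in edges for a, b in PATTERN_EDGES)
        if types_ok and edges_ok:
            groups.append(cand)
    return sorted(groups)

def authorized_result(groups, nodes, tenant):
    """Keep a group only if the TAR of EVERY component node lists the tenant.

    A partially visible group is dropped whole, not returned with gaps, so a
    tenant cannot infer that a hidden node sits between two visible ones.
    """
    return [g for g in groups if all(tenant in nodes[n][1] for n in g)]

def notification(previous, current):
    """Difference between two successive authorized results for one tenant."""
    prev, cur = set(previous), set(current)
    return {"added": sorted(cur - prev), "removed": sorted(prev - cur)}

if __name__ == "__main__":
    cached = unrestricted_query(NODES, EDGES)   # computed once, reused per tenant
    for tenant in ("acme", "globex"):
        print(tenant, authorized_result(cached, NODES, tenant))
```

The cached unrestricted result holds every tenant's matches, so it has to stay server-side and only the output of `authorized_result` should ever be returned or diffed for a tenant.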


Classifications

  • where protection concerns the structure of data, e.g. records, types, queries · CPC title

  • Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title

  • Applying rules; Deductive queries · CPC title

  • Physics · mapped topic


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Sityon Arik, Ziv Assif, Regev Eyal, and 1 more
What technology area does this patent fall under?
Primary CPC classification G06F21/6227. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 11, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).