Tenant lockbox

US9762585B2 · US · B2

Patent metadata

Publication number: US-9762585-B2
Application number: US-201514663082-A
Country: US
Kind code: B2
Filing date: Mar 19, 2015
Priority date: Mar 19, 2015
Publication date: Sep 12, 2017
Grant date: Sep 12, 2017

Abstract

Official abstract text for this publication.

Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.
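The approval flow the abstract describes, sketched as an added illustration; it is not code from the patent or from any product. The class names, the `ttl` expiry, the caller-supplied clock, the in-memory stores and the sample tenant and administrator identifiers are assumptions, and the opt-in flag and log entry follow claims 8 and 12 below.

```python
from dataclasses import dataclass, field

@dataclass
class AccessRequest:
    tenant: str
    operator: str
    action: str
    role: str                       # security group role to elevate into
    ttl: int = 3600                 # assumed lifetime of the elevation, seconds
    approvals: dict = field(default_factory=dict)   # stage -> approving admin
    state: str = "pending"          # pending | elevated | rejected

class Lockbox:
    def __init__(self, internal_admins, tenant_admins, opted_in):
        self.internal_admins = set(internal_admins)
        self.tenant_admins = tenant_admins      # tenant -> set of admin ids
        self.opted_in = opted_in                # tenant -> bool (claim 8 flag)
        self.elevations, self.audit_log = {}, []

    def approvers(self, req):
        # Compute who may approve each stage; the tenant stage exists only on opt-in.
        stages = {"internal": self.internal_admins}
        if self.opted_in.get(req.tenant, False):
            stages["tenant"] = set(self.tenant_admins.get(req.tenant, ()))
        return stages

    def respond(self, req, stage, admin, approve, now):
        stages = self.approvers(req)
        if req.state != "pending" or admin not in stages.get(stage, ()):
            raise PermissionError("request closed or admin not authorized for stage")
        if not approve:
            req.state = "rejected"              # any rejection ends the request
        else:
            req.approvals[stage] = admin
            if set(req.approvals) == set(stages):   # every required stage approved
                req.state = "elevated"
                self.elevations[(req.operator, req.role)] = now + req.ttl
        self.audit_log.append((now, req.operator, req.action, req.role, stage, admin, req.state))
        return req.state

    def is_elevated(self, operator, role, now):
        # Elevation is temporary: it lapses once the expiry time passes.
        return self.elevations.get((operator, role), 0) > now

def demo():
    # Constructed sample data: one internal admin, one opted-in tenant.
    box = Lockbox({"ops-lead"}, {"contoso": {"tenant-admin"}}, {"contoso": True})
    req = AccessRequest("contoso", "operator1", "mailbox-repair", "MailboxAdmin", ttl=600)
    states = [box.respond(req, "internal", "ops-lead", True, now=1000),
              box.respond(req, "tenant", "tenant-admin", True, now=1010)]
    return states + [box.is_elevated("operator1", "MailboxAdmin", now=t) for t in (1500, 1700)]
```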

First claim

Opening claim text (preview).

We claim:

1. A computer-implemented method for providing tenant approval for operator access to a tenant's data, comprising: receiving an indication to create an access control request for temporarily elevating a role of an operator to a security group giving the operator a set of permissions for allowing the operator to perform an action on behalf of the tenant and to enable operator access to the tenant's data; creating the access control request for temporarily elevating the role of the operator; computing a set of one or more internal administrators authorized to grant a first set of permissions to temporarily elevate the role of the operator; sending the access control request to the one or more internal administrators; receiving an access control response from one of the one or more internal administrators; determining whether the access control response from the internal administrator is an approval or a rejection of the access control request; upon determining that the access control response from the internal administrator is an approval of the access control request, granting the first set of permissions to temporarily elevate the role of the operator; computing a set of one or more tenant administrators authorized to grant a second set of permissions to temporarily elevate the role of the operator, wherein the one or more tenant administrators are associated with an organization of the tenant; sending the access control request to the one or more tenant administrators; receiving an access control response from one of the one or more tenant administrators; determining whether the access control response from the tenant administrator is an approval or a rejection of the access control request; upon determining that the access control response from the tenant administrator is an approval of the access control request, granting the second set of permissions to temporarily elevate the role of the operator; and temporarily elevating the role of the operator to the security group giving the operator the set of permissions for allowing the operator to perform the action on behalf of the tenant and to enable operator access to the tenant's data.

2. The computer-implemented method of claim 1, wherein receiving the indication to create the access control request for temporarily elevating the role of the operator to the security group giving the operator the set of permissions for allowing the operator to perform the action on behalf of the tenant and to enable operator access to the tenant's data comprises receiving an identification of the tenant, the operator, and the action.

3. The computer-implemented method of claim 2, wherein creating the access control request for temporarily elevating the role of the operator comprises determining the security group that would give the operator the set of permissions needed to allow the operator to perform the action based at least in part on the tenant, the operator, and the action.

4. The computer-implemented method of claim 3, wherein determining the security group that would give the operator the set of permissions needed to allow the operator to perform the action comprises: referencing a command list to derive, based on the tenant, at which server forest, data center, and server the tenant is provisioned; and determining, based on the server forest, data center, and server and based on the operator and the action, the security group and corresponding role that would give the operator the set of permissions needed to allow the operator to perform the action.

5. The computer-implemented method of claim 4, further comprising authenticating the access control request prior to computing the set of one or more internal administrators authorized to grant a first set of permissions to temporarily elevate the role of the operator, wherein authenticating the access control request comprises: determining a current role of the operator; and determining whether elevation to the security group and corresponding role from the current role complies with at least one of a plurality of policies.

6. The computer-implemented method of claim 1, wherein computing the set of one or more tenant administrators authorized to grant a first set of permissions to temporarily elevate the role of the operator comprises querying an online directory service for the one or more tenant administrators, and obtaining contact information for the one or more tenant administrators.

7. The computer-implemented method of claim 1, wherein at least one of the one or more tenant administrators is a user in the tenant organization delegated by an administrator of a software service as a tenant administrator.

8. The computer-implemented method of claim 1, wherein prior to computing a set of one or more tenant administrators authorized to grant the second set of permissions to temporarily elevate the role of the operator: making an analytics call to determine whether the tenant has opted in to requiring tenant approval for operator access to the tenant's data; and receiving a response including a Boolean flag indicating that the tenant requires tenant approval for operator access to the tenant's data.

9. The computer-implemented method of claim 1, wherein sending the access control request to the one or more tenant administrators comprises sending a link to an application interface via which the one or more tenant administrators is enabled to approve or reject the access control request, wherein the link is sent in at least one of: an email; an SMS; an MMS message and a notification.

10. The computer-implemented method of claim 1, wherein receiving the access control response from one of the one or more tenant administrators comprises receiving an indication of a selection of an approval control or a rejection control provided in an application user interface.

11. The computer-implemented method of claim 1, further comprising notifying the operator that the access control response from the tenant administrator is an approval of the access control request.

12. The computer-implemented method of claim 1, further comprising creating a log entry comprising the operator, the action, the security group and corresponding role to which the operator has been temporarily elevated, and the tenant data accessed by the operator.

13. The computer-implemented method of claim 1, further comprising providing an audit report comprising a plurality of log entries.

14. A system for providing tenant approval for operator access to a tenant's data, the system comprising: one or more processors; memory storing one or more computer-executable instructions that when executed by the one or more processors, cause the system to: receive an indication to create an access control request for temporarily elevating a role of an operator to a security group giving the operator a set of permissions for allowing the operator to perform an action on behalf of the tenant and to enable operator access to the tenant's data; and create the access control request for temporarily elevating the role of the operator; authenticate the access control request; compute a set of at least one internal administrator authorized to grant a first set of permissions to temporarily elevate the role of the operator, wherein the set of the at least one internal administrator is associated with an organization of the tenant; receive an access control response from an internal administrator of the set of the at least one internal administrator; determine whether the access control response from the internal administrator is an approval or a rejection

Classifications

  • H04L63/104 (Primary): Grouping of entities

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • G06F21/604 (Primary): Tools and structures for managing or administering access control systems

  • Access control lists [ACL]

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/104. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 12, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).