Systems, methods, and other embodiments associated with controlling a multi-tenant service-oriented architecture are described. In one embodiment, a method includes providing a collection of policies based upon who can access information of a user, wherein the information of the user is managed by a second service. A multi-tenant control module determines if a first service is able to contact the second service and obtain access to the user's information through the second service. An authentication service works in conjunction with the first and second services to assist in determining if the first service is able to contact the second service and obtain access to the user's information through the second service.