Security problem with "Mandanten" administration

ojo
Posts: 13
Joined: Sun 19 Jan 2003, 00:27

Post by ojo » Fri 4 Jul 2003, 07:39

On the Contenido 4.3.1 beta WAMP incl. demo database.

Defining a new site exposes a security problem using the "mandanten" administration.

1) Log onto the backend using the "sysadmin" user.
2) Define a new "Mandanten". Name it "Kunde 2"
3) Define a language "deutch" under "Kunde 2"

Remember that the standard user "admin" is defined to have administrator access ONLY to the standard site "Kunde".

Now log in as "admin" and go to "Administration | Mandanten" and click on the "Kunde 2".

The user is able to modify "Mandanten - Eigenschaften" on all "Mandanten" although the user is not defined to be able to administer anything but "Kunde".

;-) Ojo
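
An added example, not part of the original post and not Contenido's own code: a PHP sketch of the per-client ("Mandant") authorization check whose absence would produce the behaviour reported above. The user records, client ids and function names are hypothetical, and the role-only variant is an assumption about how such a gap can arise.

```php
<?php
declare(strict_types=1);

// Constructed sample data mirroring the report; not Contenido's real schema.
$clients = [1 => ['name' => 'Kunde'], 2 => ['name' => 'Kunde 2']];
$users = [
    'sysadmin' => ['role' => 'sysadmin', 'clients' => []],  // implicit access to all clients
    'admin'    => ['role' => 'admin',    'clients' => [1]], // assigned to "Kunde" only
];

// Hypothetical helper: may this user administer this particular client?
function canAdministerClient(array $user, int $clientId): bool
{
    if ($user['role'] === 'sysadmin') {
        return true;
    }
    return $user['role'] === 'admin' && in_array($clientId, $user['clients'], true);
}

// Assumed weak variant: only the role is checked, never the target client.
function updateClientRoleOnly(array &$clients, array $user, int $clientId, string $name): bool
{
    if (!in_array($user['role'], ['sysadmin', 'admin'], true)) {
        return false;
    }
    $clients[$clientId]['name'] = $name;
    return true;
}

// Corrected variant: the target client id is part of the authorization decision.
function updateClientScoped(array &$clients, array $user, int $clientId, string $name): bool
{
    if (!isset($clients[$clientId]) || !canAdministerClient($user, $clientId)) {
        return false; // deny and leave the record untouched
    }
    $clients[$clientId]['name'] = $name;
    return true;
}

// "admin" editing client 2 ("Kunde 2"), which it was never assigned:
// the two variants disagree on this request.
$weak = $clients;
$scoped = $clients;
var_dump(updateClientRoleOnly($weak, $users['admin'], 2, 'changed'));
var_dump(updateClientScoped($scoped, $users['admin'], 2, 'changed'));
// Legitimate requests still succeed with the scoped check.
var_dump(updateClientScoped($scoped, $users['admin'], 1, 'Kunde (edited)'));
var_dump(updateClientScoped($scoped, $users['sysadmin'], 2, 'Kunde 2 (edited)'));
```

The check belongs in the handler that writes the client properties, not only in the code that renders the client list, so that a request naming another client's id is rejected server-side.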

htw
Posts: 490
Joined: Sat 5 Oct 2002, 03:09
Location: Hessen

Added

Post by htw » Tue 15 Jul 2003, 14:31

Problem added to BugTracker:

http://bugs.contenido.de
