Multitenancy

May 18, 2012 at 12:39 AM
Hi Andrea, We've been successfully using NetSqlAzman in a complex Ajax WCF enterprise platform. The platform exposes about 1000 WCF operations in a multitenant environment. So far each tenant gets its own azman definition. But this is not ideal because all the tenant actually share the exact same list of operation. What differ from tenant to tenant is actually the upper hierarchy of tasks and roles. What would be your recommendation if we would like to implement this pattern of sharing the operations and make them cross tenant? thanks
Coordinator
May 21, 2012 at 9:17 PM

If two tenants share the same operations ... because they have different roles?

How do you use roles then?

Can you give some examples of this model ?

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Nov 22, 2012 at 9:37 AM

Hi,

 

The list of operations in Azman is the list of API rest functions exposed by the application. So 2 different tenants are sharing this list.

For example if i take a simplistic example of a calculator application, the operations (REST API) would be Add, Substract, Multiply and Divide.

Then for in each tenant, we define custom roles / taks that aggregate the possible operations. So for tenant 1 we could have Admin = (Add + Substract + Multiply + Divide) and Simple = (Add + Substract)

and for tenant 2 we could have something very different like Consultant = (Add + Mulitply) and Manager = (Divide + Substract)

Each users get assign to a collection of role, and then when the try to access a function of the API, we can check that their role covers this operation.

 

Let me know if this looks clearer to you 

Cheers

 

Developer
Nov 30, 2012 at 6:06 PM

I don't quite get the concept of "Tenant"? Is it an application consuming the REST APIs? What is the relationship between A user and a Tenant? Can the same user relate to different tenants?

With all these questions in mind, I'll still give it a try:

  1. Do a convention based design: name your roles the tenant prefix. So the roles will be named  as Tenant1.Admin, Tenant1.Simple, Tenant.Consultant, Tenant2.Manager, ...
  2. Implement your own RoleProvider to take Tenant as context data to determine the user roles.
  3. Have your own Admin application or website to manage the Roles/Operations/Users so that Roles will be filtered for the Tenant selected.

Richard

Dec 31, 2012 at 6:57 PM

Essentially you want to have multiple netazman databases - so the permissions are unique per tenant....but you want to 'share' the definitions across them because they are the same..right?

Pretty sure there is not a way to do that....just maintain multiple or build a UI for administering the definitions that makes the same changes across all your instances.