Timeline for Multitenancy with Cross-Tenant Users
Current License: CC BY-SA 4.0
26 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 3, 2020 at 23:03 | answer | added | John Wu | timeline score: 5 | |
| Jan 3, 2020 at 22:56 | history | edited | Christophe | edited tags | |
| Jan 3, 2020 at 22:55 | answer | added | Christophe | timeline score: 3 | |
| Jan 3, 2020 at 21:25 | comment | added | Yuli Bonner | Yeah, I might just link them this post. Thanks for the input. It was good to talk through it. | |
| Jan 3, 2020 at 21:25 | comment | added | Robert Harvey | There are some advantages to keeping the white labelling. It simplifies views where you really do want to highlight the site they happen to be on. | |
| Jan 3, 2020 at 21:24 | comment | added | Robert Harvey | If your stakeholders want to have their cake and eat it too, keep the white labeling, but allow a single account login to work over all of the white-labelled sites you've given them access to. Otherwise, you'll have to explain the contradiction to your stakeholders (in plain English), and let them decide what they want to do. | |
| Jan 3, 2020 at 21:22 | comment | added | Yuli Bonner | They're white-labeled web apps. We can't brand/theme it if we don't know the tenant. | |
| Jan 3, 2020 at 21:21 | comment | added | Robert Harvey | In any case, I think it probably makes more sense to just have "mysite.com" or "users.mysite.com" with a single login per user. | |
| Jan 3, 2020 at 21:20 | comment | added | Robert Harvey | Or, you can let users log into any tenant they have access to, and the additional permissions will "just work." | |
| Jan 3, 2020 at 21:20 | comment | added | Yuli Bonner | Okay maybe that's where I'll push back. If users can belong to multiple tenants we can't have tenant specific sites for those users. | |
| Jan 3, 2020 at 21:19 | comment | added | Robert Harvey | Well, you may have to concede that there's no such thing as "tenant.mysite.com" anymore. | |
| Jan 3, 2020 at 21:18 | comment | added | Yuli Bonner | That's the contradiction in terms I was referring to... | |
| Jan 3, 2020 at 21:18 | comment | added | Robert Harvey | By definition, users are no longer associated with a single tenant, according to your stakeholders. They are associated with one or more tenants. | |
| Jan 3, 2020 at 21:16 | comment | added | Yuli Bonner | Okay so if we have a tenant specific UI think "tenant.mysite.com", which tenant's site does a user with multiple tenants go to? | |
| Jan 3, 2020 at 21:13 | comment | added | Robert Harvey | It would amount to another join in your queries. | |
| Jan 3, 2020 at 21:12 | comment | added | Yuli Bonner | It's not the extra dimension in the data that concerns me, it's the extra dimension in everything above the data layer. | |
| Jan 3, 2020 at 21:11 | comment | added | Yuli Bonner | Or if we have separate connections for tenants...now we're making N db connections. | |
| Jan 3, 2020 at 21:10 | comment | added | Yuli Bonner | Yeah, that table would be in the single tenant user store I mentioned. I get that User_Tenant...the problem is down stream when services start having to filter based on multiple tenants or tenant enabled features come into play, etc. | |
| Jan 3, 2020 at 21:07 | comment | added | Robert Harvey | I'm also a bit worried that word definitions are getting you mired in semantics. The problem you posed in your question could be easily solved with a many-to-many permissions table. | |
| Jan 3, 2020 at 21:06 | comment | added | Robert Harvey | That's a better question, although I think it's one for your stakeholders, not us. | |
| Jan 3, 2020 at 21:05 | comment | added | Yuli Bonner | Sure, but is the value-loss from uncommon/unintuitive complexity greater than the value-add of a single set of credentials? I think it's a fair question. | |
| Jan 3, 2020 at 21:02 | comment | added | Robert Harvey | I'm more interested in satisfying your stakeholders' expectations in a reasonable way than I am in the precise meaning of word definitions. Your specific problem appears to be independent of the multi-tenancy issue. It's more a problem of access rights. | |
| Jan 3, 2020 at 20:58 | comment | added | Yuli Bonner | To me it seems like the user/tenant store would necessarily have to be single tenant, but all the other data would be multitenant. Considering the definition of a tenant is "a group of users who share a common access with specific privileges to the software instance" this almost seems like a contradiction in terms. | |
| Jan 3, 2020 at 20:55 | comment | added | Yuli Bonner | I'm asking is it reasonable and, if it is, how can I accomplish accommodate it? | |
| Jan 3, 2020 at 20:53 | comment | added | Robert Harvey | Are you asking if the requirement is reasonable? Your stakeholders seem to think it is. Can you provide a better way of giving them what they want without "complicating things significantly?" | |
| Jan 3, 2020 at 20:49 | history | asked | Yuli Bonner | CC BY-SA 4.0 |