2. PHPRunner General questions
  3. Multi-Tenant Design In PHPR
This topic is locked

Multi-Tenant Design In PHPR

 		9/23/2010 13:25:51
PHPRunner General questions
K
 kenlyle author

I know another dev tool, they have a field tenantid, used to make sure that only the correct owned records are returned. It seems like a next step up, above and beyond the current dynamic security.
I'd like to understand the steps required to implement a multi-tenant (client/company) application, where each might have multiple users.
It seems like tenantid would have to be assigned to each user, then grabbed upon login, and injected into each query, but I am not sure how to do that.
Each record, when created would have to be tagged with the tenantid of the logged in user.
I am sure this isn't a complete list- please help identify the missing steps and processes.
Best,

K
Sergey Kornilov admin 9/23/2010

Ken,
simply turn on 'Users can see and edit their own data only' security mode using tenantid as owner id.
K
 		kenlyle author 9/24/2010

OK, but say it's like a CRM application, and there are Managers who can see ALL the records for that tenantid, and salespeople, who should only see their records for that tenantid. For an application like this, it seems like there needs to be "another level" of ownership, so I was thinking of using the existing record owner capability for the manager/salesperson, and then adding tenantid on top.
This isn't urgent right now, but I have proposed on a tracking and reporting app that I think would be suitable for multi-tenant, and we should have the first one built out in the next two months.
Thanks,

K
Sergey Kornilov admin 9/25/2010

You'll need to create a several custom views restricting access to those views for different user groups via 'User Group Permissions'.
Then setup advanced security settings for each view using different owner id field (based on which user group will have access to this view).
Hope this makes sense.
K
 		kenlyle author 9/25/2010

Thanks. Your plan of using User Groups as roles and then tenantid as the ownerid sounds good.