Return-Path: <users-return-4608-archive-asf-public=cust-asf.ponee.io@isis.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 60D81200ACA
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 19 May 2016 06:19:38 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 5F77D160A15; Thu, 19 May 2016 04:19:38 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id A87E8160A00
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 19 May 2016 06:19:37 +0200 (CEST)
Received: (qmail 71353 invoked by uid 500); 19 May 2016 04:19:36 -0000
Mailing-List: contact users-help@isis.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@isis.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@isis.apache.org>
List-Post: <mailto:users@isis.apache.org>
List-Id: <users.isis.apache.org>
Reply-To: users@isis.apache.org
Delivered-To: mailing list users@isis.apache.org
Received: (qmail 71341 invoked by uid 99); 19 May 2016 04:19:36 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 May 2016 04:19:36 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id F003BC0D69
	for <users@isis.apache.org>; Thu, 19 May 2016 04:19:35 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.198
X-Spam-Level: *
X-Spam-Status: No, score=1.198 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001,
	SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd4-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id XFWV1q9zv4xQ for <users@isis.apache.org>;
	Thu, 19 May 2016 04:19:33 +0000 (UTC)
Received: from mail-ig0-f176.google.com (mail-ig0-f176.google.com [209.85.213.176])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 194A85F256
	for <users@isis.apache.org>; Thu, 19 May 2016 04:19:33 +0000 (UTC)
Received: by mail-ig0-f176.google.com with SMTP id vs11so42369igb.1
        for <users@isis.apache.org>; Wed, 18 May 2016 21:19:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to;
        bh=iYYDsRGBEV0b+rFFxl+mUgt0FLCvrwzGuftVuRVpznk=;
        b=ZCedccK/wg9Ay6rfUlAHDiE6QnNH0veszC8oLDNCVf+WA+RFFDm9jRH6QKgT2UAffH
         eI2IfWTiUer0YdaM0UU7uCw4/P+FW2K9ROoCjcvwuNq6JrPCuAlk/CMRDarSPrfW/DSH
         oZmZ8fpRvU3rH6Cy4gExyXDeE5El8CKdEOd9NYdysJZ/0dMvrQ6Fcu4kK1oWThy3nZEf
         f3lqdr8f4qNBGsaBSsG3xAjeFX6f231NN2f4M86qhLUagmXbXp9KvxgZWO9kQHvQFNxC
         K7kzwLRquc2oyU0mm/7+whi0PVPvzdLdK5dRBQjcKKl4D2Tb4qxeauzhkTVlDpu7xepv
         akAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to;
        bh=iYYDsRGBEV0b+rFFxl+mUgt0FLCvrwzGuftVuRVpznk=;
        b=cbhV20Lolt+iY+4nkBhskhAJ1eX9IuuLedcNuM6Gp8EazAv9pEgqrUtiQpqluJnO+V
         TlR97o7vNMhcOgvQpV0Hx2604WxhneqXhYdSE5aLtXs6LSLJkp0IZ5fZvW8GyuR9zI34
         Wxdbzip5ksMedCEBy0zkbxfO1SdZYUN/I7p1JD0ihqphpho5TLiotmaXORP1ws/NVCfa
         2Q2zZYCdbObwDQWesmUkJOWOQQWWzdktjsl+Fo8w8fQtwmxB3PXoEBCRxQIp2RvaK9i4
         Y7O9CYirkt2S73HhSGycp3G1R9YjZ4r+qMJjXGV3V3s8H1yvJeRoKOjvEvg/xirE2eTg
         HP/Q==
X-Gm-Message-State: AOPr4FXJ11FDNx6upC3tZ+YIYL9QnCqMYsGrkMtixN/MqYDjF7BYuF3Pbe2l1EAWRmP+orL1364VkfSz8nkHEA==
MIME-Version: 1.0
X-Received: by 10.50.39.114 with SMTP id o18mr1161834igk.38.1463631571975;
 Wed, 18 May 2016 21:19:31 -0700 (PDT)
Received: by 10.79.31.71 with HTTP; Wed, 18 May 2016 21:19:31 -0700 (PDT)
In-Reply-To: <CAHnP6miFfgdzvGxds91EDqTYSg_95U+1Yx6ZnP8wB+=SbT6hvQ@mail.gmail.com>
References: <CAEHmYmSr=ykdzosGux97KwNdH=Z9EwR4CSyEz6AucP8FW1m+tA@mail.gmail.com>
	<CAHnP6miFfgdzvGxds91EDqTYSg_95U+1Yx6ZnP8wB+=SbT6hvQ@mail.gmail.com>
Date: Thu, 19 May 2016 09:49:31 +0530
Message-ID: <CAEHmYmSXYJKinJjr+rGsZeqibQaryuCmgJsRFrzNznjnAhR4zw@mail.gmail.com>
Subject: Re: Mult-Tenancy
From: sunand p <sunandonline@gmail.com>
To: users <users@isis.apache.org>
Content-Type: multipart/alternative; boundary=047d7b339621ee2a7905332a4770
archived-at: Thu, 19 May 2016 04:19:38 -0000

--047d7b339621ee2a7905332a4770
Content-Type: text/plain; charset=UTF-8

Use Case:

Consider I am creating a platform where Multiple Organization with Users
belong to each organization should not see each other's data.
For example, Customer1 having 10 Users and Customer2 having 2 user sign in
to our Apache Isis generated app, now customer1 prefers to isolate the data
by keeping it in a separate Database since he doesn't want to host their
data on a shared DB (Option 3).

Do we have a notion of Users belonging to an Organization in our Apache
Isis Security module? Ideally multi-tenancy should allow me to create a
tenant first and then its users with special configuration like separate
DB, roles, permissions etc.

In the end, I want to support a multi-tenant environment where I should be
able to isolate my tenant's data in a separate DB altogether.

Does this make sense?


On Thu, May 19, 2016 at 2:20 AM, Jeroen van der Wal <jeroen@stromboli.it>
wrote:

> Hi Sunand,
>
> Because we needed more sophistication we've gone for option 3 and not
> implemented 1 and 2 but Datanucleus should be able to support those
> scenarios  [1]. What use case are your trying to solve?
>
> Cheers,
>
> Jeroen
>
> [1]
>
> http://www.datanucleus.org/products/accessplatform_3_1/rdbms/multitenancy.html
>
>
>
> On 18 May 2016 at 19:08, sunand p <sunandonline@gmail.com> wrote:
>
> > Hi,
> >
> > We have Isis-Security module as an addon which provides multi-tenancy
> > feature. Presently multi-tenancy as I understand is with respect to
> > associating an user to a tenant and assigning roles and permissions.
> "*Each
> > user can be associated with a particular tenancy, and Isis can then be
> > configured such that they cannot access data in other tenancies*"
> >
> > As for data, multi-tenancy is achieved via following ways,
> >
> > 1) Have a separate schema per tenant and have the tables created within
> the
> > schema and refer to it as (for example) *tenant1_schema.table1*
> >
> > 2) Have a separate database assigned to a tenant and keep all the data in
> > that DB.
> >
> > 3) Store all data in one table and have a tenant id discriminator.
> Include
> > the discriminator in the query framework after resolving a tenant add the
> > where clause to each query (For example) Select * from Table1 where
> > tenantId = 'tenant1'
> >
> > As for Apache Isis how can I support Option 1 and Option 2 in the current
> > framework?
> >
>

--047d7b339621ee2a7905332a4770--