Skip to main content

Posts

Showing posts with the label multi-tenant

Using Spring Cloud Config Server for Multi-tenancy configuration

Let's walk through a basic example of how to set up and use Spring Cloud Config Server to manage configuration for multiple tenants in a Spring Boot Application. Step 1: Create a Spring Cloud Config Server Create a new Spring Boot project with the Spring Cloud Config Server dependency. <!-- pom.xml --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-config-server</artifactId> </dependency> Configure the Spring Cloud Config Server: // src/main/java/com/example/ConfigServerApplication.java import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.config.server.EnableConfigServer; @SpringBootApplication @EnableConfigServer public class ConfigServerApplication { public static void main(String[] args) { SpringApplication.run(ConfigServerApplication.class, args); } } Configure the appl

How to build a Policy Management System

Introduction Policies are a fine grained model of applying security restrictions on the various entities in the business application.  Can I achieve fine grained access only with Policies? The answer is NO. There are ways where we can model the same with the entity level permissions like feature. So what is so special about policies. Policies are typically a agreed upon JSON format that can be used to be built by the user and tie up with any entity or specific record in the entity. Since this is a JSON, it is easy to define and contain wildcards, regex matches etc which kind of becomes difficult to manage in other formats. Design The below diagram illustrates how the policies can be created and enforced in an application. As shown above, the Administrator is responsible to create the policies and bind them with the entities. Enforcement of the policies are done as part of the entity service, which passes on the request for access to a policy manager. The policy manager talks to the dat

How to design Tenant based roles in a multi-tenant SaaS application

The need Q: Why do we need the option to allow tenant's to create their own roles? A: So that they can correlate their business roles with the SaaS application roles rather than try to create a mental map of what business role maps to which application role Q: It seems quite useful, but how much of an effort is this? A: Though it seems to be a little more work, it is quite simple. This post will walk through how to build and use this model. Database Design In the database (which ever multi-tenancy level is chosen), we need a table which we can call it as Roles. This table normally contains the following attributes Roles (id, name, description, createdby, createdon, updatedby, updatedon, status/isActive)  This table allows all the roles to be at the global level. There will be another table called as Tenant Role which map the roles against the tenant's TenantRoles(id, tenantId, roleId, mappedby, mappedon, updatedby, updatedon, status/isActive) In this table, we are mapping the r

Strategy for Database choice in a multi-tenant application

Introduction Which database strategy do I choose from and what are the options on the table? This post aims to help the developer / architect to choose the database strategy for a multi-tenant application In a multi-tenant application, there are many areas or concerns that require attention like the cost, data isolation and protection, maintenance, and disaster recovery. Multi-tenant solutions can opt any strategy from one database per tenant (fully isolated) to one row per tenant (shared database) or to have separate schema per tenant in the same database (Shared server, separate schemas).

Data Security through Physical Isolation in Multi-Tenant SaaS Applications

There exists a notion that in order to achieve the better security, we should opt for the physical isolation of databases This is not true in reality, we can design using the right patterns so that we can still have the single table which have all the tenant information and still use the row level security pattern to restrict the data access by the tenant. However, this has to be done for a MVP and based on the various parameters, this design is to be revisited and incase of having a tenant that has a very huge volume of data, in that case, we can migrate the tenant data to a separate database. The migration of the data might be taking more time, so there should be a suitable connector that is built so that the tenant filter is applied during the data migration in the appropriate value. The approach of having a single database is not applicable when there are GDPR or other HIPPAA compliances to be enforced.

Implementing Row Level Security [RLS] for a Multi-Tenant SaaS Application

Row Level Security The need for row level security stems from the demand for fine-grained security to the data. As the applications are generating vast amounts of data by the day. Application developers are in need of making sure that the data is accessible to the right audience based on the right access level settings. Even today, whenever an application was built, the application development team used to spend a lot of time researching the approach, implementing multiple tables multiple logics 25 queries to add filters to manage the data security for every query that gets transferred from the end user request to the application database. This approach requires a lot of thought process, testing and security review because the queries needs to be intercepted, updated and the data retrieval to be validated to make sure the end-users see only the data that they are entitled to. Implementation With the advent of of row level security feature being rolled out in main d

User Authentication schemes in a Multi-Tenant SaaS Application

User Authentication in Multi-Tenant SaaS Apps Introduction We will cover few scenarios that we can follow to perform the user authentication in a Multi-Tenant SaaS application. Scenario 1 - Global Users Authentication with Tenancy and Tenant forwarding In this scheme, we have the SaaS Provider Authentication gateway that takes care of Authentication of the users by performing the following steps Tenant Identification User Authentication User Authorization Forwarding the user to the tenant application / tenant pages in the SaaS App This demands that the SaaS provider authentication gateway be a scalable microservice that can take care of the load across all tenants. The database partitioning (horizontal or other means) is left upto the SaaS provider Service. Scenario 2 - Global Tenant Identification and User Authentication forwarding   In the above scenario, the tenant identification happens on part of the SaaS provider Tenant Identification gateway. Post which, the

Software As A Service (SaaS)

A Short Note on SaaS [Software As A Service]. IMHO, I am building upon a short post on SAAS, this is not exhaustive, but I encourage the readers to share their valuable comments to improve this post. SaaS is an abbreviation of Software As A Service.AKA Software on Demand, where the vendors develop, host and operate on the software and make it available on the internet for its consumers / customers. SaaS is the most mature category of cloud service, since it evolved from the application-service-provider model of software hosting. With SaaS, software applications are rented from a provider as opposed to purchased for enterprise installation and deployment. SaaS is the most mature category of cloud service, since it evolved from the application-service-provider model of software hosting. With SaaS, software applications are rented from a provider as opposed to purchased for enterprise installation and deployment. Users Can range from small group to multitude SaaS Considerat