In the existing Feature and Permission system, Abp caters for specifying a Feature level for a Tenant. Under the Tenant Feature level one could add the permission for a User based on the available Tenant Feature.
But what I am trying to achieve is a sub-feature for an Organization unit.
So for example, I set "Product" and "Book" feature for one tenant, and this tenant only want to assign "Product" to one Organization Unit, how would I go about implementing a FeatureProvider to achieve this behavior?
Related
Is it possible to set custom view as default for security role?
Not really. System views are nowhere related to be driven by security roles like forms/dashboards. The closest one can be either keep the view in a Dashboard and the dashboard can be controlled by security role. Read more
Otherwise, create Personal view to share with a Team, for each security role need - create a Team (1-1) for easy mapping/sharing.
Cannot find anywhere on Google Identity Platform docs that clearly describe whether it's possible to assign a single user to multiple tenants. see https://cloud.google.com/identity-platform/docs/multi-tenancy-managing-tenants
My project needs the capability to have a single user be able to login to multiple, separate tenants. Currently, I have to create a new user on every tenant I want to be able to login to. This is not good because each new user I create has a different uid and separate password management. For a single user, I want to be able to maintain the same uid across tenants so the associated user data can be consistent as well.
I was thinking there would be some way to create a user at the project level (not tenant level) and then assign that user to specific tenants?
Some random thoughts: The docs say some things about migrating users between tenants, perhaps that is one way. Also was thinking that creating a tenant user with my existing project-level uid would somehow merge them so the uid and password management is the same?
Edit: I found this conceptual discussion to be helpful: https://softwareengineering.stackexchange.com/questions/403274/multitenancy-with-cross-tenant-users
what I gathered from that link is that SSO is separate from multi-tenancy. So I'm trying to figure out an SSO solution on top of multi-tenancy google idp. Any code solutions/suggestions for how to add SSO on top of multi-tenant google identity platform?
If you need the same user across tenants maybe you should instead rely on the user email, custom claims, federated ID (eg. user.providerData[0].uid). When you get an ID token for the user you have access to this same information regardless of the tenant or user.uid.
I am building a web app (using Laravel but it's irrelevant), that will have multiple tenants with each tenant having its own database. The backend and frontend code end will be common.
We all know the benefits of multitenancy with a dedicated DB per tenant, so I will no go over it again. In my case, it fits my needs 100%.
My question:
If a tenant (client) comes to me for customization (ex. an additional feature, alteration of current feature, removal of feature, etc.) how do I execute this? Obviously I can't alter the code for all tenants, so I guess I will need some kind of filtering or settings where I can toggle features on and off per tenant.
Any ideas?
Thanks in advance.
There are couple of ways to implement Multi-Tennancy.
Here I would like to suggest two ways which I implemented previously in my projects.
First Way :
Create the tenant table. Add tenant_id column in every DB table.
Pass the corresponding Tenant id in every request's header part. Backend will get tenant id from header.
Second Way :
Create tenant table with two columns namely tenant_name and tenant_uuid value.
front end send the tenant name in URL like https://tenant1.xyz.com. Create one interceptor which intercept the front end request and get tenant name from the URL. Based on that tenant name you can get particular tenant info from DB.
Now store that tenant info in request context of your application.
you can use that info from wherever you want.
In first way you have to pass tenant id in all layer of application which is not advisable. But in second way you can get tenant id from context so no need to pass it in all the layer.
Now Answer for second question is :
For feature toggling of particular tenant. You can create feature table with columns feature_name, is_enabled and tenant_id.
Now suppose you have to show Dashboard feature to X tenant and do not want to show it Y tenant. Then you just have to do enabled and disabled in this table only.
I created a multi-tenant application where each tenant have different set of users. I am trying to implement a functionality where same user might exist in different tenants. Does outsystems provide such functionality or I have to create my custom logic ?
Right now, I did create a user having same username in 2 different tenants and during login I am showing user to select tenants. But on changing tenants and logging to that tenant, the environment doesn't switch to that tenant that user has selected.
Below is the image of the logic of switching tenants and logging in the customer.
During debugging I saw that after executing TenantSwitch action it did change the Site.TenantID property but after User_Login action is reverted to the first tenant not the one user selected.
When you use User_Login(), the system will log you in the first Tenant it finds in the DB that has that username, thus ignoring your TenantSwitch().
So, if you want to login to a specific Tenant in your case, you need to be more explicit and instead use the Login() action - after the tenant switch.
For a thorough explanation of this, with example code, please check out the following deepdive Master Class on Multi-Tenancy starting around the 27:20 minute mark.
This isn't available out of the box as OutSystems assigns users (and all entities) to a specific tenant. Entities belonging to single tenanted modules are assigned to the default tenant.
OutSystems uses a hidden .Tenant_Id attribute on each entity to indicate which tenant that user belongs to. You can unhide this attribute for the users entity by selecting it, clicking More... and then ticking the relevant box in the Advanced tab. You can then access the attribute directly, but be aware this will hinder OutSystems' ability to do some of the stuff it does automatically to ensure that you access tenant specific data.
When you use the User_Login action OutSystems will deduce which tenant to use from the User.Tenant_Id attribute regardless of which tenant you've switched it to previously. The user would need an account for each tenant they need to use, but there's no reason this couldn't be done behind the scenes with OS fetching the correct username before logging in. You'd need to ensure they all stay in sync though, especially the passwords ofc.
I want to have a multi tenant feature for Azman, for Eg: Each hospital should have particular roles to task link.
Or in short multiple stores in single DB.
Kindly suggest.
You can create a custom role provider and have the following setup
Adding a TenantId as a column in the Roles Table
For every getting of the roles, get the union of the tenant specific roles and the global roles if any.
In case of a customization of the global role by a given tenant, use the privileges from the tenant context.
This also facilitates the copy of the global role to the tenant. However, your business demands should be considered as well for more details on the implementation.