Tenant
Most multitenant B2B applications have a concept of tenants: a way to partition data and users between customers. Some applications might refer to a tenant as an organization, a customer, a company, or one of many other alternatives. Warrant helps enforce data isolation and access control across tenants in multitenant B2B applications by allowing you to specify authorization rules per tenant in your application. The full representation of the tenant object type is:
{
  "type": "tenant",
  "relations": {
    "admin": {},
    "manager": {
      "inheritIf": "admin"
    },
    "member": {
      "inheritIf": "manager"
    }
  }
}
Data Integrity
Similar to users, Warrant operates with 'strict data integrity' with respect to tenants. This means that you can only create warrants for tenants that exist in Warrant. So before we can create tenant-specific warrants, we need to 'register' our tenants.
The Tenants API provides a way to register tenants in Warrant. You can either provide a unique identifier for each tenant as defined in your system or let Warrant generate a unique tenantId for you. Users and other data can be associated with tenants using warrants and subsequent authorization checks can enforce that a particular user belongs to a tenant before being able to access data within that tenant.
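The following is an added example, not Warrant's code or API: a local Python model of how the inheritIf chain in the tenant object type and the strict data integrity rule combine into a per-tenant membership check. The TenantStore class, its method names and the sample ids are hypothetical, and user registration is left out for brevity.

```python
# Local model of the page's tenant object type; not Warrant's implementation.
TENANT_TYPE = {
    "type": "tenant",
    "relations": {
        "admin": {},
        "manager": {"inheritIf": "admin"},
        "member": {"inheritIf": "manager"},
    },
}


class TenantStore:
    """Hypothetical in-memory stand-in for the tenant registry and warrant table."""

    def __init__(self, object_type=TENANT_TYPE):
        self.relations = object_type["relations"]
        self.tenants = set()      # registered tenant ids
        self.warrants = set()     # (tenant_id, relation, user_id)

    def register_tenant(self, tenant_id):
        self.tenants.add(tenant_id)

    def create_warrant(self, tenant_id, relation, user_id):
        # Strict data integrity: no warrants for tenants that were never registered.
        if tenant_id not in self.tenants:
            raise LookupError(f"tenant {tenant_id!r} is not registered")
        if relation not in self.relations:
            raise ValueError(f"unknown relation {relation!r}")
        self.warrants.add((tenant_id, relation, user_id))

    def check(self, tenant_id, relation, user_id, _seen=None):
        """True if user holds `relation` on the tenant directly or via inheritIf."""
        if tenant_id not in self.tenants or relation not in self.relations:
            return False          # fail closed on unknown tenant or relation
        seen = _seen or set()
        if relation in seen:      # guard against a cyclic inheritIf chain
            return False
        seen.add(relation)
        if (tenant_id, relation, user_id) in self.warrants:
            return True
        parent = self.relations[relation].get("inheritIf")
        return parent is not None and self.check(tenant_id, parent, user_id, seen)


def demo():
    store = TenantStore()
    store.register_tenant("acme")        # constructed sample ids
    store.register_tenant("globex")
    store.create_warrant("acme", "admin", "alice")
    store.create_warrant("globex", "member", "bob")
    return store
```

An admin warrant on one tenant satisfies a member check on that tenant only; the same user fails every check on any other tenant, and a warrant for an unregistered tenant is rejected at creation time.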
Provided IDs
One way to create tenants in Warrant is to create them using the same id you use to identify them in your system. This id should be a unique id generated by your database or application.
This approach is easier because you don't need to store a separate Warrant-specific tenant id for each of your tenants. For example, if you have a tenant Acme Inc with id d6ed6474-784e-407e-a1ea-42a91d4c52b9 in your system, you can create a tenant in Warrant with the same tenantId.
Warrant-generated IDs
If you don't provide a tenantId when creating a tenant, Warrant will generate a tenantId for that tenant. This is particularly useful if you don't want to create and maintain a tenant table in your application's database.
Note that in this case, we recommend storing the Warrant-generated tenantId in your system for future reference, in a new tenantId field or column in your database table.
Dealing with Existing Tenants
If you're integrating Warrant into a live system, chances are that you already have many existing tenants. To onboard all of your tenants at once, you can bulk-create them in Warrant. The easiest way to do this is via a script that calls the create tenant API for each of your existing tenants.
We'll be adding a CLI tool in the future to make this process easier.