Implementing Multitenancy
Warrant provides out-of-the-box support for implementing multi-tenancy using the built-in tenant object type. In general, multi-tenancy is orthogonal to your choice of access model, so it can be implemented alongside any access model including role based access control and/or fine-grained authorization.
In this quickstart, we'll walk through creating tenants, assigning users to tenants, and checking associations between users and tenants in your application via API. Note that tenants can also be created and managed from the Warrant Dashboard.
1. Creating Tenants in Warrant
The first step is to make sure that new tenants are created in Warrant when they are created in your application. Typically, this takes place when a new company creates an account in your application. To create a tenant in Warrant whenever a tenant is created in your application, add the following code to your app in your registration flow:
- Go
- Java
- Node.js
- Python
- Ruby
- PHP
newTenant, err := client.CreateTenant(warrant.Tenant{TenantId: "6334d6af-bc6c-4620-b366-69df05cde736"})
if err != nil {
// Handle error
}
try {
tenant = client.createTenant(new Tenant("6334d6af-bc6c-4620-b366-69df05cde736"));
} catch (WarrantException e) {
// Handle error
}
warrant.Tenant.create({ tenantId: "6334d6af-bc6c-4620-b366-69df05cde736" })
.then((newTenant) => console.log(newTenant))
.catch((error) => console.log(error));
try:
newTenant = warrant.Tenant.create(id="6334d6af-bc6c-4620-b366-69df05cde736")
except WarrantException:
# Handle error
end
begin
newTenant = Warrant::Tenant.create(tenant_id: "6334d6af-bc6c-4620-b366-69df05cde736")
rescue
# Handle error
end
try {
$new_tenant = $warrant->createTenant(new \Warrant\Tenant("6334d6af-bc6c-4620-b366-69df05cde736"));
} catch ($e) {
// Handle error
}
2. Assigning Users to Tenants
Once tenant(s) have been created, we can assign users to them. Users are assigned to tenants using a relation. This relation can then be used to grant users different levels of privilege within the tenant. By default, the available relations on tenants are admin, manager, and member. Users can also be assigned to multiple tenants. To learn more about how tenants work, read about the built-in tenant object type. As an example, let's assign a user as a member of a tenant:
- Go
- Java
- Node.js
- Python
- Ruby
- PHP
warrant, err := client.AssignUserToTenant("my-tenant", "my-user", "member")
if err != nil {
// handle error
}
try {
client.assignUserToTenant(new User("my-user"), new Tenant("my-tenant"), "member");
} catch (WarrantException e) {
// Handle error
}
warrant.User.assignUserToTenant("my-tenant", "my-user", "member")
.then((warrant) => console.log(warrant))
.catch((error) => console.log(error));
try:
warrant.User.assign_to_tenant("my-tenant", "my-user", "member")
except WarrantException:
# Handle error
end
# Class method
Warrant::User.add_to_tenant("my-tenant", "my-user", "member")
# Instance method
tenant = Warrant::Tenant.get("my-tenant", "member")
tenant.add_user("my-user", "member")
$warrant->addUserToTenant("my-tenant", "my-user", "member");
3. Checking for Tenant Associations
Once tenants and user -> tenant associations have been defined, we can make use of the Users API and Tenants API to query for and enforce tenant associations in our application.