Multitenancy

Warrant provides out-of-the-box support for implementing multi-tenancy using the built-in tenant object type. In general, multi-tenancy is orthogonal to your choice of access model, so it can be implemented alongside any access model including role based access control and/or fine-grained authorization.

In this quickstart, we'll walk through assigning users to tenants and checking associations between users and tenants in your application via API. Note that user to tenant assignments can also be managed from the Warrant Dashboard.

1. Assign Users to Tenants

In order to associate users with tenants, we must assign them to one or more tenants using a relation (think of this like a role). This relation represents different levels of privilege within the tenant. By default, the available relations on tenants are admin, manager, and member. Users can also be assigned to multiple tenants if supported by an application. To learn more about how tenants work, read about the built-in tenant object type. As an example, let's assign a user as a member of a tenant:

CLI

Assign users to tenants

warrant assign user:my-user member tenant:my-tenant

Go

Assign users to tenants

warrant, err := user.AssignUserToTenant("my-user", "my-tenant", "member")
if err != nil {
    // handle error
}

Java

Assign users to tenants

try {
    Warrant newWarrant = client.assignUserToTenant(new User("my-user"), new Tenant("my-tenant"), "member");
} catch (WarrantException e) {
    // Handle error
}

Node.js

Assign users to tenants

const newWarrant = await warrant.User.assignUserToTenant(
  "my-tenant",
  "my-user",
  "member"
);

PHP

Assign users to tenants

$warrant->addUserToTenant("my-tenant", "my-user", "member");

Python

Assign users to tenants

try:
    warrant.User.assign_to_tenant("my-tenant", "my-user", "member")
except WarrantException:
    # Handle error
end

Ruby

Assign users to tenants

# Class method
Warrant::User.add_to_tenant("my-tenant", "my-user", "member")

# Instance method
tenant = Warrant::Tenant.get("my-tenant", "member")
tenant.add_user("my-user", "member")

2. Check for User Membership in Tenants

Once user to tenant associations have been defined, we can make use of the Check API to check for and enforce user membership in tenants within our application.