Skip to main content


Warrant provides out-of-the-box support for implementing multi-tenancy using the built-in tenant object type. In general, multi-tenancy is orthogonal to your choice of access model, so it can be implemented alongside any access model including role based access control and/or fine-grained authorization.

In this quickstart, we'll walk through assigning users to tenants and checking associations between users and tenants in your application via API. Note that user to tenant assignments can also be managed from the Warrant Dashboard.

1. Assign Users to Tenants

In order to associate users with tenants, we must assign them to one or more tenants using a relation (think of this like a role). This relation represents different levels of privilege within the tenant. By default, the available relations on tenants are admin, manager, and member. Users can also be assigned to multiple tenants if supported by an application. To learn more about how tenants work, read about the built-in tenant object type. As an example, let's assign a user as a member of a tenant:

Assign users to tenants
warrant assign user:my-user member tenant:my-tenant

2. Check for User Membership in Tenants

Once user to tenant associations have been defined, we can make use of the Check API to check for and enforce user membership in tenants within our application.