Skip to main content

Implementing Multitenancy

Warrant provides out-of-the-box support for implementing multi-tenancy using the built-in tenant object type. In general, multi-tenancy is orthogonal to your choice of access model, so it can be implemented alongside any access model including role based access control and/or fine-grained authorization.

In this quickstart, we'll walk through creating tenants, assigning users to tenants, and checking associations between users and tenants in your application via API. Note that tenants can also be created and managed from the Warrant Dashboard.

1. Creating Tenants in Warrant

The first step is to make sure that new tenants are created in Warrant when they are created in your application. Typically, this takes place when a new company creates an account in your application. To create a tenant in Warrant whenever a tenant is created in your application, add the following code to your app in your registration flow:

warrant.Tenant.create({ tenantId: "6334d6af-bc6c-4620-b366-69df05cde736" })
.then((newTenant) => console.log(newTenant))
.catch((error) => console.log(error));

2. Assigning Users to Tenants

Once tenant(s) have been created, we can assign users to them. Users are assigned to tenants using a relation. This relation can then be used to grant users different levels of privilege within the tenant. By default, the available relations on tenants are admin, manager, and member. Users can also be assigned to multiple tenants. To learn more about how tenants work, read about the built-in tenant object type. As an example, let's assign a user as a member of a tenant:

warrant.User.assignUserToTenant("my-tenant", "my-user", "member")
.then((warrant) => console.log(warrant))
.catch((error) => console.log(error));

3. Checking for Tenant Associations

Once tenants and user -> tenant associations have been defined, we can make use of the Users API and Tenants API to query for and enforce tenant associations in our application.