Implementing Multitenancy
Warrant provides out-of-the-box support for implementing multi-tenancy using the built-in tenant object type. In general, multi-tenancy is orthogonal to your choice of access model and so can be implemented alongside any access model including role based access control and fine-grained authorization.
In this quickstart, we'll walk through creating tenants, assigning users to tenants and checking for tenancy associations in your application via API. Note that tenants can also be created and managed from the Warrant Dashboard.
1. Creating Tenants in Warrant
The first step is to make sure that new tenants are created in Warrant when they are created in your application. Typically, this takes place when a new company creates an account in your application. To create tenants in Warrant whenever a tenant is created in your application, add the following code to your app within the new tenant registration flow:
- Go
- Java
- Node.js
- Python
- Ruby
- PHP
newTenant, err := client.CreateTenant(warrant.Tenant{TenantId: "6334d6af-bc6c-4620-b366-69df05cde736"})
if err != nil {
// Handle error
}
try {
tenant = client.createTenant(new Tenant("6334d6af-bc6c-4620-b366-69df05cde736"));
} catch (WarrantException e) {
// Handle error
}
warrantClient
.createTenant({ tenantId: "6334d6af-bc6c-4620-b366-69df05cde736" })
.then((newTenant) => console.log(newTenant))
.catch((error) => console.log(error));
try:
newTenant = client.create_tenant("6334d6af-bc6c-4620-b366-69df05cde736")
except WarrantException:
# Handle error
end
begin
newTenant = Warrant::Tenant.create(tenant_id: "6334d6af-bc6c-4620-b366-69df05cde736")
rescue
# Handle error
end
try {
$new_tenant = $warrant->createTenant(new \Warrant\Tenant("6334d6af-bc6c-4620-b366-69df05cde736"));
} catch ($e) {
// Handle error
}
2. Assigning Users to Tenants
Once tenant(s) have been created, we can assign users to them. Users can be assigned to multiple tenants. As an example, we can assign a user to a given tenant:
- Go
- Java
- Node.js
- Python
- Ruby
- PHP
warrant, err := client.AssignUserToTenant("my-tenant", "my-user")
if err != nil {
// handle error
}
warrantClient
.addUserToTenant("my-tenant", "my-user")
.then((warrant) => console.log(warrant))
.catch((error) => console.log(error));
# Class method
Warrant::User.add_to_tenant("my-tenant", "my-user")
# Instance method
tenant = Warrant::Tenant.get("my-tenant")
tenant.add_user("my-user")
$warrant->addUserToTenant("my-tenant", "my-user");
3. Checking for Tenant Associations
Once tenants and user:tenant associations have been defined, we can make use of the Users API and Tenants API to query for and enforce tenant associations in our application.