Multi-tenancy #

This module it's based to the plugin multi-tenancy v1 and define somes behaviors on pipes like trigger action on other plugins and apply filter on data.

Tenant #

For actions create, update delete the specific engine controller of differents plugins is called.

For exemple when a tenant was created the action create on controllers device-manager/engine, workflows/engine, ... is called.

At the moment the plugins handled by these pipes are device-manager, workflows, scheduler and dashboard-builder

Soft tenant #

Currently this feature is disabled by default you should add this configuration in kuzzlerc to enabled it

{
  "plugins": {
    "multi-tenancy": {
      "softTenant": true
    }
  }
}

When soft tenant is enabled some pipes applied restrictions on documents, to filter or limit acces at the documents to user with sufficiant permissions.

Example of restrictions:

A Tenant admin can manage the documents in all soft tenant of the tenant where he is allowed
A reader user can only read documents associated to the soft tenant where the user have the permission to read.

Read Concepts Permissions for more details of rights.

Notes: Currently only asset documents are handled

The filter is applied on pipes generic:document for actions write, get, update, delete and search.

Also when a tenant is deleted all documents linked to it are unlinked

Edit this page on Github