I've already implemented multi tenancy in Parse, by (1) creating tenant-specific roles (each time a new tenant is created) and (2) assigning them to the ACLs of the objects/records/rows related to the tenant on any given table.

I wonder if it is the same (role-based) logic on Backand and how it should be implemented.

Any example or pointer to examples would be great.

marco alves

1 Answer

The role-based security in Backand that will help you build a multi-tenancy app consists of object-level security and a predefined filter. The predefined filter is important for multi-tenancy. It allows you to use the same object for different tenants and to filter the data so each tenant will be isolated. The predefined filter is either a NoSQL or SQL statement that always runs on the server and filters the data. In Backand you can automatically create a statement that will filter only the data that the requesting user created. You need to make sure that all the objects are related to the users object so such filter statements will work. Here is an auto-generated NoSQL example that filters all the items for a specific user, unless the user has an admin role:

{
  "$or": [
    {
      "'{{sys::role}}'": "'Admin'"
    },
    {
      "user": {
        "$in": {
          "object": "users",
          "q": {
            "email": {
              "$eq": "'{{sys::username}}'"
            }
          },
          "fields": [
            "id"
          ]
        }
      }
    }
  ]
}

Here is the same as SQL:

( 'Admin' = '{{sys::role}}') or (`items`.`user` in (select `users`.`id` from `users` where `users`.`email` = '{{sys::username}}'))

You can edit this statement so it will filter for what identifies a tenant in your app.

You can do this with each of your objects. This is located in the security tab of the objects.

relly
  • The part of {{sys::role}} and {{sys::username}} is somewhat missing in the docs. The example in the docs only shows Admin='(blank)' and email = '(blank)'. I wonder if it is due to Angular interpolation that is evaluating the "sys::" expressions to `undefined`. – marco alves Mar 14 '16 at 10:29
  • Thanks for the feedback, we had a glitch in the docs generator - fixed now. – Itay Mar 15 '16 at 12:46
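
The answer's suggestion to edit the statement so it filters on what identifies a tenant, modelled with SQLite as an added example (not part of the original answer and not Backand's own code). The `tenant` columns, `make_db` and `read_items` are assumptions, and bound parameters stand in for `{{sys::role}}` and `{{sys::username}}`.

```python
import sqlite3

# Tenant-scoped variant of the answer's SQL filter. The `tenant` columns are
# hypothetical; :role and :username stand in for {{sys::role}} and
# {{sys::username}} and are bound from the server-side session.
PREDEFINED_FILTER = (
    "('Admin' = :role) OR (items.tenant IN "
    "(SELECT users.tenant FROM users WHERE users.email = :username))"
)

def make_db():
    """Constructed sample data: two tenants sharing one items table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, tenant TEXT);
        CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, tenant TEXT);
        INSERT INTO users VALUES (1, 'ann@acme.example', 'acme'),
                                 (2, 'eve@globex.example', 'globex');
        INSERT INTO items VALUES (1, 'acme-invoice', 'acme'),
                                 (2, 'acme-contract', 'acme'),
                                 (3, 'globex-invoice', 'globex');
    """)
    return db

def read_items(db, session, name_like="%"):
    """Model of a server-side read of `items`.

    `session` is taken from the authenticated token, never from the request
    body. `name_like` is the only client-controlled value and is bound as a
    parameter. The predefined filter is parenthesised and ANDed on, so a
    client condition can narrow the result but never widen it.
    """
    sql = (
        "SELECT name FROM items "
        "WHERE (items.name LIKE :name_like) AND (" + PREDEFINED_FILTER + ") "
        "ORDER BY id"
    )
    params = {"name_like": name_like,
              "role": session["role"], "username": session["username"]}
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    ann = {"role": "User", "username": "ann@acme.example"}
    print(read_items(db, ann))                 # acme rows only
    print(read_items(db, ann, "%invoice%"))    # still no globex-invoice
```

As in the answer's statement, the `'Admin' = :role` branch returns every tenant's rows, so that role has to be a platform-level role rather than a per-tenant administrator.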