
Let's say you have a Tenant that has many Users that have many Accounts that have many transactions.

How far down the tree do you add a TenantId property?
How far down the tree do you add a UserId?
Or do you only ever need to have the parent id?

Assume that the user will never intentionally access a child entity without first accessing its parent. In a slug, it would be something like: baseurl.com/accounts/{accountId}/transactions/{transactionId}

public class Tenant
{
    public long Id { get; set; }
    public string Name { get; set; }
    public virtual ICollection<User> Users { get; set; }
    public virtual ICollection<Account> Accounts { get; set; }
    public virtual ICollection<Transaction> Transactions { get; set; }
}

public class User
{
    public long Id { get; set; }
    public long TenantId { get; set; }
    public string Name { get; set; }
    public virtual ICollection<Account> Accounts { get; set; }
}

public class Account
{
    public long Id { get; set; }
    public long TenantId { get; set; }
    public long UserId { get; set; } // foreign key to User.Id, so the type must match (long)
    public virtual ICollection<Transaction> Transactions { get; set; }
}

public class Transaction
{
    public long Id { get; set; }
    public long TenantId { get; set; }
    public long UserId { get; set; } // foreign key to User.Id (long)
    public long AccountId { get; set; } // foreign key to Account.Id (long)
}

I tend to see examples using TenantId on everything that falls under a tenant. I imagine this is for security, but my natural assumption would be that UserId would suffice. For example, even though Transaction is two levels below User, I don't believe I should allow anyone who knows the Transaction ID to access a transaction without also being the user that owns the account.

dapperdan1985

1 Answer

The norm that we have followed is to add the TenantId to all the main entities. For example, Users and Accounts should have the TenantId. Since the transaction is a dependent entity on both the User and Accounts, and as such cannot be fetched without referring to the base (Account / User), there is no mandate for a TenantId.

The rule of thumb is to classify the main business entity to be grouped / categorized by a tenant (User, Accounts, etc.) so that when the data is being retrieved or updated in the database, the proper tenant filtering happens prior to any operation being performed on the mapping or child tables. Hence, based on the domain objects, please include the TenantId column wisely.

Saravanan
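The following is an added example, not code from the question or the answer. It shows the parent-scoped lookup the answer describes, where Transaction carries only AccountId and the tenant and owner checks happen on the Account before the child row is returned. The names FindUnscoped and FindScoped, the trimmed-down records, and the in-memory lists standing in for database tables are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Trimmed-down entities: Transaction has no TenantId or UserId, only its parent AccountId.
public record Account(long Id, long TenantId, long UserId);
public record Transaction(long Id, long AccountId, decimal Amount);

public static class TransactionLookup
{
    // Constructed sample data: two tenants, one account and one transaction each.
    static readonly List<Account> Accounts = new()
    {
        new(Id: 10, TenantId: 1, UserId: 100),
        new(Id: 20, TenantId: 2, UserId: 200),
    };
    static readonly List<Transaction> Transactions = new()
    {
        new(Id: 500, AccountId: 10, Amount: 25.00m),
        new(Id: 501, AccountId: 20, Amount: 99.00m),
    };

    // Unscoped: looks up by transaction ID alone, with no tenant or owner check.
    public static Transaction? FindUnscoped(long transactionId) =>
        Transactions.SingleOrDefault(t => t.Id == transactionId);

    // Scoped: callerTenantId and callerUserId come from the authenticated session,
    // never from the URL. The Account row is filtered first, then joined to the child.
    public static Transaction? FindScoped(
        long callerTenantId, long callerUserId, long accountId, long transactionId) =>
        (from a in Accounts
         where a.Id == accountId && a.TenantId == callerTenantId && a.UserId == callerUserId
         join t in Transactions on a.Id equals t.AccountId
         where t.Id == transactionId
         select t).SingleOrDefault();

    public static void Main()
    {
        // The caller is user 100 in tenant 1; transaction 501 belongs to tenant 2.
        Console.WriteLine($"unscoped 501 found: {FindUnscoped(501) is not null}");
        // Route /accounts/10/transactions/501: the transaction is not under account 10.
        Console.WriteLine($"scoped 10/501 found: {FindScoped(1, 100, 10, 501) is not null}");
        // Route /accounts/20/transactions/501: account 20 is not the caller's.
        Console.WriteLine($"scoped 20/501 found: {FindScoped(1, 100, 20, 501) is not null}");
        // Route /accounts/10/transactions/500: the caller's own account and transaction.
        Console.WriteLine($"scoped 10/500 found: {FindScoped(1, 100, 10, 500) is not null}");
    }
}
```

The scoped query needs no TenantId column on Transaction, but every code path that reads transactions has to go through the Account filter for the isolation to hold.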