https://authzed.com logo
Join Discord
Powered by
Does spicedb handle multi tenancy?
# spicedb
a
Does spicedb handle multi tenancy?
v
it does not have first-class support multi-tenancy. The way we typically recommend doing it is: - use the SpiceDB-operator to spin a new instance per tenant - use tenant specific prefixes in your relationships to implement tenancy
a
instance with new database right?
or we can use postresql schema for per tenant?
@vroldanbet
v
you can use the same physical database or a different one, and yes you can use logical databases in the same physical instance
j
but be warned of noisy neighbor if you do that
a
@vroldanbet and is there any roadmap to incorporate the first clas support of multitenancy? If not then what is the reason to not handle this?
v
getting multi-tenancy right in a security-related product is hard. We have experience doing this in our multi-tenant Authzed Serverless. With the convenience of the spicedb-operator, it's trivial to provision new SpiceDB instances, so we decided not to do it. That said, we have constant asks for it, and we have some ideas on a form of multi-tenancy we consider more useful and novel than what our competitors offer, and in line with what most folks use spicedb for, but it's not planned.
j
Are you trying to multi-tenancy to isolate your different customers (thus they'd all be using the same schema) or entirely different use cases?
a
@jzelinskie so I've a users based on the tenants, and also some objects which are also based on tenants, so I want to create those relationship.
means subject and object are both relies on tenant, so if don't put the tenancy then it might occur the object ids can have same in different tenants
so its like this tenant -> object -> user, so a user should be identifed in an tenant hierarcy.
v
you can solve that by prepending the tenant name to your object IDs
13 Views
PreviousNext
Powered by