https://authzed.com logo
Title
e

edgardorobles

01/24/2023, 1:40 PM
Hi, Is there a way to support multi-tenant? Can we create a database per tenant for isolation? I was not able to find an API for this?
j

Joey

01/24/2023, 3:34 PM
if you are making fully isolated tenants, it is recommended to run distinct clusters
that way, you not only have full security isolation, but resource isolation as well
d

dsieczko

01/24/2023, 3:38 PM
Hey @edgardorobles (it's damian 🙂) in AuthZed's SpiceDB Dedicated you can deploy isolated Permissions Systems. You can also do this in SpiceDB Serverless. We're also supporting this in a psuedo way with soon to be released Smart Tokens - which you can get via AuthZed's commercial products. Would love your feedback on this OS issue though https://github.com/authzed/spicedb/issues/204!
e

edgardorobles

01/24/2023, 4:15 PM
Hi, I get no results. Also just to be clear, there is nothing in the current open source spicedb that supports this? I am assuming it is https://github.com/authzed/spicedb/issues/204 I disagree with the last comment. There are multiple ways to solve the issue and depends on the customer which one is better. In that scenario you maybe deploying more resources than you are using because all you need is database isolation. Thank you.
j

Joey

01/24/2023, 4:16 PM
yeah, the
!
at the end was interpreted by Discord as part of the link accidentally
@edgardorobles if you need full, complete, isolation then the only sure-fire way is to have distinct clusters
in most cases, however, people want partial isolation but still a means to share, say, users and groups
e

edgardorobles

01/24/2023, 7:44 PM
I find that other zanzibar systems deal with the by keeping all tenants in one system and model by using organizations, users and groups to separate. That is this sort of dangerous too.
j

Joey

01/24/2023, 8:27 PM
is the intention to share users and groups or have 100% full isolation?
e

edgardorobles

01/24/2023, 10:16 PM
Partial isolation and share users and groups. Running distinct clusters per tenant is not an option.
j

Joey

01/24/2023, 10:21 PM
okay, then you don't want multi-tenancy. you want shared tenancy with isolation on specific API calls, correct?
e

edgardorobles

01/25/2023, 12:49 AM
yes
j

Joey

01/25/2023, 1:34 AM
okay, great. that will be supported with the upcoming smart tokens feature
its in active development as we speak