🎓
Multitenancy via AccessPolicy
Build Multitenancy with AccessPolicy
Aidbox stores all the tenants in a single database and serves number of them at once. It obtains tenant-id from each request and returns the data belonging to the tenant.

Key concepts

  • All resources have to be created with the tenant-id
  • tenant id is stored within the identifier attribute at the resource
  • Access policies require tenant-id parameter in each request

Multitenancy setup and requests example

Add Client

There are several ways to create client. We use the simplest one to do it: Basic Auth.
1
PUT /Client/org1
2
Accept: text/yaml
3
Content-Type: text/yaml
4
5
id: org1
6
secret: secret
7
grant_types:
8
- basic
Copied!

Add org-1 tenant resource

Create patient providing it's tenant-id in the identifier property.
1
PUT /Patient/test-patient-1
2
Content-Type: text/yaml
3
4
id: test-patient-1
5
identifier:
6
- system: tenantId
7
value: org1
8
name:
9
- given:
10
- John
11
gender: male
Copied!

Define AccessPolicy for multi-tenancy

Create access policy to ensure tenant-id is provided in all requests.
1
PUT /AccessPolicy/org1-patient-policy
2
Content-Type: text/yaml
3
4
link:
5
- id: org1
6
resourceType: Client
7
engine: matcho
8
matcho:
9
"$one-of":
10
- request-method: get
11
params:
12
identifier:
13
"$one-of":
14
- tenantId|org1
15
- "$contains": tenantId|org1
16
- request-method: post
17
body:
18
identifier:
19
"$contains":
20
value: org1
21
system: tenantId
22
- request-method: put
23
params:
24
identifier:
25
"$one-of":
26
- tenantId|org1
27
- "$contains": tenantId|org1
28
body:
29
identifier:
30
"$contains":
31
value: org1
32
system: tenantId
33
- request-method: delete
34
params:
35
identifier:
36
"$one-of":
37
- tenantId|org1
38
- "$contains": tenantId|org1
Copied!

Multi-tenant request examples

Search the Patient with the correct tenant-id returns the resource.
Request
Response
1
GET /Patient?identifier=tenantId|org1&_id=test-patient-1
Copied!
Status: 200
1
id: test-patient-1
2
identifier:
3
- system: tenantId
4
value: org1
5
name:
6
- given:
7
- John
8
gender: male
Copied!
Update the Patient resource.
Request
Response
1
PUT /Patient?identifier=tenantId|org1&_id=test-patient-1
2
Content-Type: text/yaml
3
4
identifier:
5
- system: other
6
value: foo
7
- system: tenantId
8
value: org1
9
name:
10
- given:
11
- John
12
gender: male
Copied!
Status: 200
1
identifier:
2
- system: other
3
value: foo
4
- system: tenantId
5
value: org1
6
name:
7
- given:
8
- John
9
gender: male
Copied!
Read updated Patient resource.
Request
Response
1
GET /Patient?identifier=tenantId|org1&identifier=other|foo
Copied!
Status: 200
1
identifier:
2
- system: other
3
value: foo
4
- system: tenantId
5
value: org1
6
name:
7
- given:
8
- John
9
gender: male
Copied!
Delete Patient resource.
Request
Resoponse
1
DELETE /Patient?_id=test-patient-1&identifier=tenantId|org1
Copied!
Status: 200
1
// empty body
Copied!