Multitenancy via AccessPolicy

Build Multitenancy with AccessPolicy

Aidbox stores all the tenants in a single database and serves number of them at once. It obtains tenant-id from each request and returns the data belonging to the tenant.

Key concepts

All resources have to be created with the tenant-id
tenant id is stored within the identifier attribute at the resource
Access policies require tenant-id parameter in each request

Multitenancy setup and requests example

Add `Client`

There are several ways to create client. We use the simplest one to do it: .

PUT /Client/org1
Accept: text/yaml
Content-Type: text/yaml

id: org1
secret: secret
grant_types:
  - basic

Add `org-1` tenant resource

Create patient providing it's tenant-id in the identifier property.

PUT /Patient/test-patient-1
Content-Type: text/yaml

id: test-patient-1
identifier:
- system: tenantId
  value: org1
name:
- given:
  - John
gender: male

Define `AccessPolicy` for multi-tenancy

Create access policy to ensure tenant-id is provided in all requests.

PUT /AccessPolicy/org1-patient-policy
Content-Type: text/yaml

link:
- id: org1
  resourceType: Client
engine: matcho
matcho:
  "$one-of":
  - request-method: get
    params:
      identifier:
        "$one-of":
        - tenantId|org1
        - "$contains": tenantId|org1
  - request-method: post
    body:
      identifier:
        "$contains":
          value: org1
          system: tenantId
  - request-method: put
    params:
      identifier:
        "$one-of":
        - tenantId|org1
        - "$contains": tenantId|org1
    body:
      identifier:
        "$contains":
          value: org1
          system: tenantId
  - request-method: delete
    params:
      identifier:
        "$one-of":
        - tenantId|org1
        - "$contains": tenantId|org1

Multi-tenant request examples

Search the Patient with the correct tenant-id returns the resource.

GET /Patient?identifier=tenantId|org1&_id=test-patient-1

Status: 200

id: test-patient-1
identifier:
- system: tenantId
  value: org1
name:
- given:
  - John
gender: male

Update the Patient resource.

PUT /Patient?identifier=tenantId|org1&_id=test-patient-1
Content-Type: text/yaml

identifier:
- system: other
  value: foo
- system: tenantId
  value: org1
name:
- given:
  - John
gender: male

Status: 200

identifier:
- system: other
  value: foo
- system: tenantId
  value: org1
name:
- given:
  - John
gender: male

Read updated Patient resource.

GET /Patient?identifier=tenantId|org1&identifier=other|foo

Status: 200

identifier:
- system: other
  value: foo
- system: tenantId
  value: org1
name:
- given:
  - John
gender: male

Delete Patient resource.

DELETE /Patient?_id=test-patient-1&identifier=tenantId|org1

Status: 200

// empty body

PreviousMultitenancy NextEntities & Attributes

Last updated 2 years ago

Was this helpful?

PUT /AccessPolicy/org1-patient-policy Content-Type: text/yaml link: - id: org1 resourceType: Client engine: matcho matcho: "$one-of": - request-method: get params: identifier: "$one-of": - tenantId|org1 - "$contains": tenantId|org1 - request-method: post body: identifier: "$contains": value: org1 system: tenantId - request-method: put params: identifier: "$one-of": - tenantId|org1 - "$contains": tenantId|org1 body: identifier: "$contains": value: org1 system: tenantId - request-method: delete params: identifier: "$one-of": - tenantId|org1 - "$contains": tenantId|org1

Key concepts

Multitenancy setup and requests example

Add Client

Add org-1 tenant resource

Define AccessPolicy for multi-tenancy

Multi-tenant request examples

Key concepts

Multitenancy setup and requests example

Add Client

Add org-1 tenant resource

Define AccessPolicy for multi-tenancy

Multi-tenant request examples

Add `Client`

Add `org-1` tenant resource

Define `AccessPolicy` for multi-tenancy

Add `Client`

Add `org-1` tenant resource

Define `AccessPolicy` for multi-tenancy