🎓Multitenancy via AccessPolicy
Build Multitenancy with AccessPolicy
Aidbox stores all the tenants in a single database and serves number of them at once. It obtains tenant-id
from each request and returns the data belonging to the tenant.
Key concepts
All resources have to be created with the
tenant-id
tenant id
is stored within theidentifier
attribute at the resourceAccess policies require
tenant-id
parameter in each request
Multitenancy setup and requests example
Add Client
Client
There are several ways to create client. We use the simplest one to do it: Basic Auth.
PUT /Client/org1
Accept: text/yaml
Content-Type: text/yaml
id: org1
secret: secret
grant_types:
- basic
Add org-1
tenant resource
org-1
tenant resourceCreate patient providing it's tenant-id
in the identifier
property.
PUT /Patient/test-patient-1
Content-Type: text/yaml
id: test-patient-1
identifier:
- system: tenantId
value: org1
name:
- given:
- John
gender: male
Define AccessPolicy
for multi-tenancy
AccessPolicy
for multi-tenancyCreate access policy to ensure tenant-id
is provided in all requests.
PUT /AccessPolicy/org1-patient-policy
Content-Type: text/yaml
link:
- id: org1
resourceType: Client
engine: matcho
matcho:
"$one-of":
- request-method: get
params:
identifier:
"$one-of":
- tenantId|org1
- "$contains": tenantId|org1
- request-method: post
body:
identifier:
"$contains":
value: org1
system: tenantId
- request-method: put
params:
identifier:
"$one-of":
- tenantId|org1
- "$contains": tenantId|org1
body:
identifier:
"$contains":
value: org1
system: tenantId
- request-method: delete
params:
identifier:
"$one-of":
- tenantId|org1
- "$contains": tenantId|org1
Multi-tenant request examples
Search the Patient
with the correct tenant-id
returns the resource.
GET /Patient?identifier=tenantId|org1&_id=test-patient-1
Update the Patient
resource.
PUT /Patient?identifier=tenantId|org1&_id=test-patient-1
Content-Type: text/yaml
identifier:
- system: other
value: foo
- system: tenantId
value: org1
name:
- given:
- John
gender: male
Read updated Patient
resource.
GET /Patient?identifier=tenantId|org1&identifier=other|foo
Delete Patient
resource.
DELETE /Patient?_id=test-patient-1&identifier=tenantId|org1
Last updated
Was this helpful?