Rob Fitzpatrick
ProgressTalk.com Sponsor
I wasn't sure where to post this as it touches on both deployment and development.
I have been reviewing the information on multi-tenancy that was provided at Revolution. I think I'm clear on the relationship between databases, tenants, domains, and users in the context of a 4GL client app. We can either use the client-principal or _user authentication, however the latter puts the onus on the application logic for the assertion of user tenancy. So far, so good (I think
).
I'm less clear on how this should work with WebSpeed agents. One of the differences here is that unlike a 4GL app, the application user (in this case logging in from a web browser) is not a database user; the WebSpeed agent is the DB user. Obviously, I only want that application user to be able to query on data belonging to the tenant he is associated with. But I don't know which tenant that is until I find his data to process his authentication.
So should the WebSpeed agents authenticate against the database as a super-tenant user, authenticate the user (somehow), determine which tenant the application user belongs to, assert that tenancy with SET-EFFECTIVE-TENANT, and then process his query/update/whatever? Also, with a stateless broker his next query could hit a different agent, so I guess it would have to know about his tenant affiliation as well, and act accordingly.
I'm fairly new to WebSpeed/AppServers so I'm at the limits of my understanding here. I'm just trying to get my head around the multi-tenant world and understand its implications for the various parts of our application solution. If anyone has played with the new OE11 MT features (or thought about them), I'd be interested to hear how they might be integrating MT into (or SaaSifying) their application. Thanks.
I have been reviewing the information on multi-tenancy that was provided at Revolution. I think I'm clear on the relationship between databases, tenants, domains, and users in the context of a 4GL client app. We can either use the client-principal or _user authentication, however the latter puts the onus on the application logic for the assertion of user tenancy. So far, so good (I think
).I'm less clear on how this should work with WebSpeed agents. One of the differences here is that unlike a 4GL app, the application user (in this case logging in from a web browser) is not a database user; the WebSpeed agent is the DB user. Obviously, I only want that application user to be able to query on data belonging to the tenant he is associated with. But I don't know which tenant that is until I find his data to process his authentication.
So should the WebSpeed agents authenticate against the database as a super-tenant user, authenticate the user (somehow), determine which tenant the application user belongs to, assert that tenancy with SET-EFFECTIVE-TENANT, and then process his query/update/whatever? Also, with a stateless broker his next query could hit a different agent, so I guess it would have to know about his tenant affiliation as well, and act accordingly.
I'm fairly new to WebSpeed/AppServers so I'm at the limits of my understanding here. I'm just trying to get my head around the multi-tenant world and understand its implications for the various parts of our application solution. If anyone has played with the new OE11 MT features (or thought about them), I'd be interested to hear how they might be integrating MT into (or SaaSifying
) their application. Thanks.