I have had good luck with security barrier views and performance. The main
thing security barrier does is ensure that where statements are processed
correctly.
The big consideration IMHO is how many tenants are you dealing with. A
couple of tenants, then best to give them separate databases. More
DBA=~super user
If your clients have dba privs you need separate (vertical)servers
Hi Stephen,
Note that views aren't actually guaranteed to provide the isolation
you're looking for unless you mark them as being a security barrier,
see: https://www.postgresql.org/docs/current/rules-privileges.html
By using Security Barrier we had a huge impact on performance , it was not
consi
Greetings,
* Jagmohan Kaintura (jagmo...@tecorelabs.com) wrote:
> Yup right now data is being accessed in this manner only.
> application access using tenant user only who have specific tenantId in
> that session and can see its own data only. It doesn't know about anyone
> else's data and neither
Hi Tim,
Yeh datatype is even not supported right now. As tenantId is numeric and
encryption/decryption would go through text/bytea , so even tougher to
encrypt that column data.
On Thu, Feb 11, 2021 at 7:38 AM Tim Cross wrote:
>
> Jagmohan Kaintura writes:
>
> > HI All,
> >
> > For POstgreSQL
Hi Guyren,
Yup right now data is being accessed in this manner only.
application access using tenant user only who have specific tenantId in
that session and can see its own data only. It doesn't know about anyone
else's data and neither can get/fetch.
So isolation is 100% guaranteed right now.
An interesting option is to make your tenants work through views, and have the
views work through a variable that contains the tenant’s id. There would be a
bit of coding, but it would be the same for every table, so you could automate
it easy enough.
When you’re done, client software just sets
> On Feb 10, 2021, at 6:45 PM, Tim Cross wrote:
>
>
> Jagmohan Kaintura mailto:jagmo...@tecorelabs.com>>
> writes:
>
>> HI All,
>>
>> For POstgreSQL database to store data for multiple tenants, the approach
>> decided was to have
>> Shared Database (Holding data for all tenants)
>> =>
Jagmohan Kaintura writes:
> HI All,
>
> For POstgreSQL database to store data for multiple tenants, the approach
> decided was to have
> Shared Database (Holding data for all tenants)
> => Data would be segregated on basis of some additional column
> (tennatid,different tenants having dif
HI All,
For POstgreSQL database to store data for multiple tenants, the approach
decided was to have
Shared Database (Holding data for all tenants)
=> Data would be segregated on basis of some additional column
(tennatid,different tenants having different tenantId)
=> Data would b
10 matches
Mail list logo
