Heirartical tennant or other option

[minorityuk]

Hi

I am about to build a new saas multi tenant app and basically my tenant will be a company but each company has 1 to many locations.

People at these locations only really need to see their own data and at worse read only at other locations.

Guess another way is to create read and contribute role per locations but that seems wrong in my head.

My thoughts were to have contribute and read roles but I need to associate to locations so heirartical tenants make sense but I'd I need to allow them read access to another location would this be possible and easy for them to navigate between?

[AndrewTriesToCode]

Hi, sounds like you want the idea of a “sub-tenant”. The library doesn’t have any built in support for this and it’s a somewhat advanced use case. I recommend building in that one to many company/location directly into your data or domain model and use the company as the Finbuckle tenant and the location as something you handle in your domain logic.

[minorityuk]

Hi

I was thinking about handling in domain. Does the library allow for extending roles as I did consider adding a new column location to it so that I could add role by location to handle the fact users can read in one location and write in another.

Alternatively would be wise to create policy per location for read write and use this to handle filtering of location data.

My only other idea was to have it built into user profile where admin says which location they can access as primary. Then tick box to say view others as read.

[AndrewTriesToCode]

The library is agnostic to the Identity Entity models except that it was add and check for the tenant id as configured. If you want to add more properties and relationships you can certainly do so just like you would omit Finbuckle we’re not in the picture. The library will effectively add where tenantId == {current tenantId} to each query so keep that in mind.

[minorityuk]

Thanks for the quick reply.

With your guidance I am going with multi tenant without the sub tenant.

When user is created if role location-mamager or location-user is picked then location will be added to user object. Manager role will see all locations.

I plan to use your project in an api layer so my ui can be built separately in react or other technology.

One other question I had was I have an appadmin ui project which will manage the creation of tenants and also have functionality to create global data that I need to push down to all the tenants and keep updated with changes.

Is this possible with library.