How to ensure that tenants can never access other tenants' data in multi-tenant with shared db

Time:12-23

I'm implementing multi-tenancy with a shared database, but I ran into a problem when I want to query a table that belongs to a specific tenant.

For example: I have a table catalog that has a relation to the tenant table. In the application logic, I always run a query to check whether a catalog belongs to a specific tenant before running another query to handle the catalog logic.

So is there any way to make sure the catalog belongs to the specific tenant without the checking step? Sometimes I forget to add this validation step, and then the operation runs on a catalog that does not belong to the specific tenant.

I use Postgres as the database and Sequelize as the ORM.

CodePudding user response:

I think what you are looking for is "Row Level Security". In PostgreSQL it is implemented as Row Security Policies. It allows you to control access to specific rows for specific users.

If your tenants connect to the database using their DB users you can apply a policy:

CREATE POLICY tenants_catalog ON catalog 
    USING (tenant = current_user);
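
A fuller setup around the policy in the answer above, as an added example that is not part of the original answer. The `tenant` column type and default, the `title` column, and the roles `tenant_a` and `tenant_b` are assumptions; the script is meant to be run as a superuser in a scratch database, with `SET ROLE` standing in for each tenant's own connection.

```sql
-- Constructed schema: only the table name, the tenant column and the policy
-- name come from the answer; everything else is an assumption.
CREATE TABLE catalog (
    id     bigserial PRIMARY KEY,
    tenant text NOT NULL DEFAULT current_user,  -- owner is stamped by the database
    title  text NOT NULL
);

-- A policy has no effect until row security is enabled on the table.
ALTER TABLE catalog ENABLE ROW LEVEL SECURITY;
-- The table owner is exempt from policies unless they are forced.
-- Superusers and roles with BYPASSRLS always skip them, so the
-- application must not connect as one of those.
ALTER TABLE catalog FORCE ROW LEVEL SECURITY;

-- USING filters rows that can be read, updated or deleted.
-- WITH CHECK validates rows being written, so a tenant cannot insert
-- a row for another tenant or reassign one of its rows.
CREATE POLICY tenants_catalog ON catalog
    USING (tenant = current_user)
    WITH CHECK (tenant = current_user);

-- Hypothetical tenant roles (created NOLOGIN here; real tenants would log in).
CREATE ROLE tenant_a;
CREATE ROLE tenant_b;
GRANT SELECT, INSERT, UPDATE, DELETE ON catalog TO tenant_a, tenant_b;
GRANT USAGE ON SEQUENCE catalog_id_seq TO tenant_a, tenant_b;

-- Isolation check 1: tenant_a writes a row without naming itself.
SET ROLE tenant_a;
INSERT INTO catalog (title) VALUES ('constructed row for tenant_a');
RESET ROLE;

-- Isolation check 2: tenant_b runs queries with no tenant filter at all.
SET ROLE tenant_b;
-- The policy hides tenant_a's row from this unfiltered SELECT.
SELECT id, tenant, title FROM catalog;
-- The policy hides the row from UPDATE as well, so nothing is modified.
UPDATE catalog SET title = 'changed by tenant_b';
-- A forged owner fails WITH CHECK and PostgreSQL rejects the statement.
INSERT INTO catalog (tenant, title) VALUES ('tenant_a', 'forged owner');
RESET ROLE;

-- Review which tables are protected and by which policies.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class WHERE relname = 'catalog';
SELECT policyname, cmd, qual, with_check
FROM pg_policies WHERE tablename = 'catalog';
```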