Tenants (Beta)
To use Multi-tenancy feature, Admins need to enable it. Reach out to admins if it is unavailable.
Tenants in Amorphic helps us to segregate organizational data and support multi-tenancy. This feature helps the users to create a multiple tenants within Amorphic infrastructure. Multi-tenancy is an architecture in which a single instance of a software application serves multiple customers. Each customer is called a tenant. In this multi-tenant architecture, multiple groups of users using the application operate in a shared environment. Each tenant is integrated physically but are logically separated. Each tenant's data is stored in a separate database and is logically isolated and remains invisible to other tenant users. Multi tenancy environment is currently supported to redshift type of datalake only.
Amorphic Tenants provides the following capabilities:
- Complete isolation of users and resources withing a tenant. Users belonging to a tenant wouldn't be able to access resources outside or which it is not part of.
- User can have multiple tenants attached and has the ability to create/update resources within the tenant.
- Support for cross tenant querying and handle analytic workloads.
The following picture depicts the Tenant Management Console in Amorphic:
What is a Tenant?
A tenant can be an individual user, but more frequently, it’s a group of users—such as a customer organization—that shares common access to and privileges within the application instance. Each tenant’s data is isolated from, and invisible to, the other tenants sharing the application instance, ensuring data security and privacy for all tenants. Amorphic Tenant's can have multiple users attached to it and uses Authorization groups and users to grant or revoke permissions to a user. Amorphic Tenants sit above Domains in the application hierarchy. Tenants contain localized domains and parameters. Users need to create tenant first, attach a domain and add resources under it.
In Amorphic we have two types of Tenants:
- System Tenants : Which are provided by the application by default.
- Custom Tenants : Created by users.
System Tenants: System default Tenant is a basic application space which is provided to every user. Users can use this default tenant to create resources underneath it like any regular tenant. User operations to update the tenant or delete are restricted.User operations to update the tenant or delete are restricted. Users can be added or removed to a default tenant and the access control for this remains the same as any other tenants created in the system.
Custom Tenants:
Amorphic Tenants provides application users flexibility to create customized Tenants by selecting users from a list of users existing users in the application.
Example: User can create custom "testorg" tenant and provide access to "johndoe" user through authorized uer or groups. User "johndoe" then will be able to create resources under it.
These resources are organized and logically isolated from other users. Please check the how to create new section for more details Create Tenant
Amorphic makes it mandatory for user to alteast have one tenant attached. This will make sure no user is isolated without any permissions to create resources within the platform
Amorphic Tenants contains the following information:
Tenant Metadata Information
| Type | Description |
|---|---|
| Tenant Name | Tenant Name, which uniquely identifies the functionality of the tenant. |
| Tenant Description | A brief explanation of the tenant typically the line of business or the organization for what it is used. |
| Display Name | User friendly display name which is used across the platform to uniquely identify the tenant |
How are tenants associated to an user
User belonging to a tenant remain invisible to other users in the application unless if they are part of a common tenant.
As part of Amorphic Tenant, every user is provided with one default Tenant called Default Tenant which provides basic application space to create resource under it.
Please note, user wouldn't have a separate UI interface for each tenant. User will have a single pane view of all the resources which are accessible.
User's can make use of Authorization users and groups feature to share the tenant across other users. User visibility to other users in the system depends on two things
1. Users with SystemAdministrators role or who has a role with permissions `Users.view` will be able to see ALL users in the system.
2. Users belonging to a tenant remain invisible to other users in the application unless if they are part of a common tenant.
When a user is trying to authorize a different user to a resource ( Authorized users or groups ) the user list drop down will only contain the list of users who are part of the granter’s tenant list.
Example: If user John ( granter , has tenant access called `TestOrgA` and `TestOrgB` ) is sharing access to a dataset. In the user drop down list, John will only see users who have access to `TestOrgA` or `TestOrgB`
(Source : liquidweb)
Tenant Operations
Amorphic Tenants provides all the basic CRUD (Create, Read, Update and Delete) operations for a tenant
- Create Tenant : Create a custom tenant.
- View Tenant : View existing Tenant Metadata Information
- Update Tenant : Update an existing tenant.
- Delete Tenant : Delete an existing tenant.
Create Tenant
You can create new Tenant in Amorphic by using the “New Tenant” functionality of Amorphic application.
In order to create a new Tenant, you would require create Tenant Permissions in the RBAC role. Please follow the below animation to create a new tenant information in detail
View Tenant
If the user has sufficient permissions to view a tenant, He/She can view all the existing tenant information by clicking on the Tenant Name under the Tenants section inside Management Menu.
Please follow the below animation to view the tenant information in detail
Update Tenant
If the user has sufficient permissions to update a tenant, He/She can view all the existing tenant information by clicking on the Tenant Name under the Tenants section inside Management Menu and by clicking on the Edit Tenant option from the right side menu. This will re-direct you to a different page where you can start editing any of the Tenant metadata. Users can only update description/display name of a tenant.
Please follow the below animation to update the tenant information in detail
Delete Tenant
If the user has sufficient permissions to delete a tenant, He/She can view all the existing tenant information by clicking on the Tenant Name under the Tenants section inside Management Menu and by clicking on the Delete Tenant from the right side menu. Prior to deleting a tenant, user is restricted to delete all the dependent resources which are created under a tenant.
Please follow the below animation to delete the tenant.
Limitations
- Multi tenancy is only supported for redshift datalakes.
- Users with cross tenant querying or analytic workload should choose the redshift node of type "ra3".
- Currently the maximum number of tenants Amorphic supports is 60.