Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Multi-tenancy with users being defined only once #5288


User avatar
0
sedulen created

Has anyone successfully implemented multi-tenancy with users being defined only once and not using the "Linked Accounts" feature.

Thanks


4 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    @sedulen do you want users to be unique amont all tenants ? If so, you can use AbpUserAccounts table and create a unique index on that table.

    Or you can check user's existance before a user creation on AbpUserAccounts table.

  • User Avatar
    0
    sedulen created

    @ismcagdas I'm not sure how I would use the AbpUserAccounts table vs the AbpUsers table. Ideally we would define all users in the AbpUsers or AbpUserAccounts table in the HOST database and then we would grant access of users to Tenants through the AbpUserRoles table but then I think we would have issues with how the user's profile information is managed since we would need that information to be retrieved from the Host instance information, rather than from the Tenant information.

  • User Avatar
    0
    alper created
    Support Team

    What's the point of user uniqueness among the tenants? It's out of multi-tenancy usage. If you really want to do that; you can check an existing user in UserRegistrationManager.cs > RegisterAsync() method and throw exception if there is an existing user.

    Something like this;

    using (_unitOfWorkManager.Current.DisableFilter(AbpDataFilters.MayHaveTenant ))
    {  
             var existingUser =  _userManager. GetUserOrNull(...);
              if(existingUser != null){
                  throw UserFriendlyException("oops, already registered!")
              }
    }
    
  • User Avatar
    0
    bbakermmc created

    In corporate usage its very normal. You segment clients data to own databases for isolation, internal users need to access multiple clients data to perform tasks. Having multiple accounts is annoying especially since you need to maintain roles and permissions cross clients, and when you on board a new client configure again. Ideally you would have to have a master set of users and limit their client access.