I am creating a Multi Tenant application which each individual Tenant will have their own list of users (able to login as well).
As this is the first time I am developing such application I am unsure what is the best practice to store those sub users under every Tenant.
Current design:
Master User Database (stores login credentials of multiple tenants)
Tenant Database (each tenant will have their individual database)
To allow individual Tenant to have their own sub users, I am thinking to add a new Table under individual Tenant Database. Another way is to add a new Table under Master User Database which will store all those information.
Also, the login should be done at a centralized login portal whereby Tenant or sub users will do the login there and will redirected accordingly.
But after logging in, I am unsure if it is best to redirect to Tenant sub domains or a general dashboard.
Anyone have experience in these and can give me some solid suggestions?
EDIT 2017-04-20: On another thought, I think that it might not be advisable for sub users of Tenant to store in Master User Database since it will be exposed? But if users are to be stored in individual Tenant database then how can a centralized login portal works?
Very Simple You need to create tenant sub user into master user table as well, then your single login page will work.
Related
I have multiple websites that share the same database but I am having a problem when creating the admin.
All these websites were sharing the same login and registration table. I could not make the emails column unique in the mysql db since same user can come across another website and sign up.
These became a problem since the users were creating multiple accounts on the same website. These made it hard to track customer orders. A user could create an order on website A, then create another account on the same website. So they could not access the order they created using account A.
I decided to create unique login table for each website. This solved the problem.
All these users from these websites channel order to one table and database.
The login tables have similar columns (user_id,first_name, last_name,email, password_hash, registration_date).
I am creating a single admin to manage these websites and users.
I would like you to help me find a way that I can have a view that will get users from all the login tables or you suggest alternative solution on how I can have a centralized table to access all the users registered from all websites.
I am unable to create a view since the login tables have similar user_id as the primary key.
I'm trying to build a Multi tenant SaaS application, and i know there are multiple approaches to that, but i picked the multi-database one i think it would fit most.
so I create a db for each tenant and store a table of tenants in the main db
and connect users to their respective db based on the subdomain.
now my issue here is where to store the users, in the main db? or the tenant db, storing the users in the main db is going to make it difficult to get user related models in other db's, but storing it inside tenants db would make it difficult to authenticate on all users ...
also what's the best scenario?
authenticate, get jwt token.
send token with each request.
on each request validate token, check subdomain, connect to respective tenant db, execute request.
is this a good approach? what should I do with the users table issue?
ThnQ
I can offer third option. Have user both in tenant and main db. You can then create procedure to update main db when user changes in tenant db (or vice versa).
Also, I don't know models in Laravel, but MySQL doesn't have problem with cross database JOINs.
Good option will be to keep users in tenant database. As you are distinguishing your tenant based on sub-domain, you can tell your authentication system to query sub-domain specific database.
Sharing flow of authentication
User hits the sub-domain to login for application
User credentials will be sent to application
Before passing credentials to authentication, decide database for user authentication based on sub-domain from which user came.
Pass database name, user credentials to authentication system
Authentication system query specific database and authenticate user
Generate session
i am new to codeigniter. For a project i have three users. SuperAdmin,Admin and users.
There are base controllers :
Superadmin_Controller,
Admin_Controller,
User Controller
which all extends to MY_Controller.
The SuperAdmin will create admin,
We can also set how much users a admin creates. I want that whatever number of user admin asks he can only create that much users.
Till now I have managed to create different credentials for all these users. Now I want to set permission of creating the users to number of users he asked for(no of users fetched from database). So basically what I want to understand is is there any way from which I can restrict the admin to create specific number of user? Please suggest a tutorial.
You can have 2 fields in database for admin i.e. "users_limit","users_created" where you can store how many no. of users can be created through admin into "users_limit" and increase value of "users_created" value by 1 whenever admin adds the user.
Check the condition whenever admin creates users
if ((users_created+1)<users_limit){
/* allow creating user*/
} else {
/* Not allowed */
}
I am trying to create roles and permissions functions in php. I have checked some tutorials
A Better Login System
RBAC in PHP
but it is not clear that the permissions are that of the ones granted by mysql or they are improvised in php.
For example if I have roles like admin and user and developer, so should I have to create different users in database and then use those to perform different operations or should I create one root user and then control the access in php. To me it seems like the database should restrict it by having different users.
First clear yourself on roles & permissions. In front end these are different things to provide access to certain pages & changes.
As per your question let me tell you the roles as Admin/User/Developer can be managed by MySQL user rights. MySQL user rights restrict user access on tables, creating tables,deletion and insertion etc. Now if you create different users in database with custom user rights you will have to include different connection credentials for each of the users.
Further in controlling PHP pages restrict user access with user pages assignment by php codes.
If you are really going for custom access management module. I would recommend you to create role table where roles will be placed
table:role
Columns:
id (pk, auto-increment)
role_name (Varchar)
keep 'role_id' in the user table.
you don't need to create a separate table for user_role since each use will have one role.
But if you are planning to have completely page level access.. You would need that table and a UI should be created where you would assign pages (access) to the user while creating a user.
If you are using any framework, do look for the available apis. YII has a very good security feature which access rules and filters are defined.
I'm trying to create a web application for a dental laboratory where admins and clients, all users, can log-in and access to some specific data accordingly to their rol. Admins can create, modify and delete data, clients can only check information about their debts and purchases. My question is: Should I store all users, that's admins and customers, in a single table? or should I isolate them by creating two tables for each specific rol and set a in the log-in form where they can pick to log-in as customers or admins? It affects the overall performance somehow? Thanks.
You should use single table for all the users.
And for distinguishing admin and client you can add one extra column in the table which specify whether user is admin or client.
Please use one table "users" for all user type with different group_id for differentiating admin and customer. Then make a group base permission in you code.