Multitenancy - questions and problem v2.1.3

mortoza_khan · February 17, 2024, 10:05pm

Hi
I am trying to use multitenancy add-on again after I tried last year as I think Jmix v2.x is now getting it’s maturity.

I have some questions:

How can I create the tenant-specific admin role? In the classic add-on, there was an option to create the admin role at the time of creating the tenant but I do not see it anymore. The user guide doesn’t provide such indications either.
For the tenant-specific admin role, I want to give limited access for example, the full application has 3 different modules as options like payroll, CRM, and sales order and I want tenant1 to have access to payroll only whereas tenant2 has access to CRM and sales order, etc. accordingly when the respective admin will assign roles, the admin will not see those roles which is beyond the modules assigned to him or will not see the menu, Entity, View to select while creating a new role for the respective tenant users. If this is not supported out of the box of the add-on, how can this be achieved?
I have created two Entities (Customer, Country), and the Customer entity has tenantId field as suggested. However, when I log in using one of the Tennat users, I still see the tenant field in the list and detail screen. As per the user guide, this field is supposed to be hidden for any tenant users but populated in the backend.

I have attached a sample application, thanks for any help.
multitenantSample.zip (134.5 KB)

nelsonf · February 19, 2024, 3:59pm

Hi @mortoza_khan, In my experience and from what you say, you should proceed as follows:

Create role
Assign permissions
Restrict access to tenantId field

This automatically removes access to the tenant field of all your views from users who are assigned to that role.

Now what happens and I’m sure it happens to you is that even if the user is associated to the role, if that user tries to create a role, then he can see absolutely everything (regardless of the limits imposed). Several days ago I asked for help on this, but so far I have not implemented it. It is time to validate if this solves the permissions assignment issue completely by limiting the assignments.

I hope I helped you.

Saludos,

Nelson F.

mortoza_khan · February 19, 2024, 7:35pm

Hi Nelson
Very interesting. Thanks for sharing your work. Which version of Jmix are you using?
I am very interested how in knowing how it goes and would appreciate if you share the outcome of your further efforts.

nelsonf · February 19, 2024, 8:40pm

2.1

Sure, once we have more conclusive results, I will let you know how things are going. For the moment I am working hard on the requirements, and then I will review the tenant issue again.

mortoza_khan · February 21, 2024, 4:31pm

Hi Nelson
I wanted to say, you have created a nice UI to manage the roles, and everything in one big screen that we need and this is missing in Jmix studio today. There used to be a similar UI in CUBA though and I expect the Jmix team is bring that back in Jmix 2.

mortoza_khan · February 24, 2024, 4:17am

Hi Nelson,
Going to my question #3 in my post above, do you have the same issue or you have overcome from it, thanks for sharing.

nelsonf · February 29, 2024, 11:25pm

I don’t have this problem, if you restrict the tenantId field it is no longer visible to users in the GUI. I don’t know if this answered your question.

mortoza_khan · March 17, 2024, 7:04pm

That is not happening in my case!

nelsonf · March 18, 2024, 2:33pm

To understand you well, let’s go by parts so far you managed to implement the Tenant plug-in but it does not allow you to restrict the tenantId field, is that so?

mortoza_khan · April 22, 2024, 3:49am

Yes that’s right.

mortoza_khan · April 23, 2024, 3:37pm

@nelsonf Any suggestions?

nelsonf · April 23, 2024, 4:20pm

Do you have ways of sending a small example where I can see what is happening to you and see what might be happening?