I’m need a little help here for some best practices setting up a multi-tenant style app with data needing to be segregated by Company, each Company having multiple Users and datas.
- My app is currently set up using the Sub Apps structure
- My company is using the application, another company has just begun, and a third is (hopefully!) starting soon
- I’m finding out that cost is a major downside to the sub apps model, so I want to move this to a multi-tenant model with all Companies sharing a single set of databases.
- Every tenant is tied to a unique Company record
- Every piece of data has a single Company ID
- Every User has a Company and every Privacy Role is set up to limit data access to Current User is logged in and DATATYPE’s Company is Current User’s Company
Is my third assumption above sufficient to limit access?
does the privacy model need to be “duplicated” in every Search and workflow in the application?
- For instance: if a tenant wants to view all of their Records, does the Search need a Company is Current User’s Company constraint OR does the privacy role already established handle this need?
- Is this the correct way to set up privacy roles for a SAAS application at all? Or is there a best-practice I’m missing?