...

  • It is debatable whether multi-tenant is appropriate to describe this feature, but the name has stuck, so we’re using it.

  • role is a critical concept for authorization in this requirements document, so we use role-related terms as follows:

    • Score role: One of the built-in Score roles (Admin + Developer, Admin + End User, Developer, and End User)

    • Auth0 role: A role defined in Auth0 (this is not relevant for Phase 1 design)

    • tenant: An Auth0 role defined for the purposes of enabling the requirements expressed in the document.

    • role: The meaning could be any of the above depending on the context in which it is used. Jim Wilson recommends avoiding use of role in favor of one of the three terms above.

  • access BIEs refers to creating, editing, viewing, and expressing BIEs (any operation involving BIEs)

  • BC: an initialism for Business Context

  • Dev/Admin: a user in the Admin+Developer Score role

  • user's tenancy: the association of a user to tenants, or more specifically, the association of a user to a valid value specified for the Tenant context scheme

  • Tenant context scheme: The context scheme specified in Score with the name Tenant

Background

OAGi needs:

  1. to enable multiple sets of users to use one Score instance

  2. to be able to limit access to BIEs created by one set of users to members of that set, and other select sets as appropriate

...

  • Mary can access all BIEs because she is a Dev/Admin. Dev/Admins can access everything.

  • Matt can only access:

    • BIEs in a business context that includes the Tenant context scheme value ACME Brick, which is the Construction business context.

    • BIEs in a business context that does not include any Tenant context scheme value

  • Tess can only access:

    • BIEs in a business context that includes the Tenant context scheme value AgGateway, which is the Agriculture business context.

    • BIEs in a business context that does not include any Tenant context scheme value

  • Ross can only access:

    • BIEs in a business context that includes the Tenant context scheme value ACME Brick, which is the Construction business context.

    • BIEs in a business context that includes the Tenant context scheme value AgGateway, which is the Agriculture business context.

    • BIEs in a business context that does not include any Tenant context scheme value.

Implementation

Info

Accedia manages this section.

Update database structure

We plan to start the multi-tenancy implementation with the following DB changes:

  • Replace the organization column in the app_user table with a foreign key to a new table, called organization, that will be used for the tenants

  • Create a mapping table between organizations and business contexts (many-to-many) that will keep track of each tenant’s access to BIEs in a certain business context
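As an added example (not Score's or Accedia's own code), the two proposed tables and the access rule from the Mary/Matt/Tess/Ross scenario above, modelled in SQLite; the table and column names, the score_role column and the sample data are assumptions:

```python
import sqlite3  # added example, not Score's own code; all table/column names are assumptions

SCHEMA = """
CREATE TABLE organization (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE app_user (id INTEGER PRIMARY KEY, login_id TEXT UNIQUE NOT NULL,
    score_role TEXT NOT NULL,                             -- e.g. 'Admin + Developer'
    organization_id INTEGER REFERENCES organization(id)); -- FK replacing the text column
CREATE TABLE biz_ctx (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE organization_biz_ctx (                       -- tenant <-> business context
    organization_id INTEGER NOT NULL REFERENCES organization(id),
    biz_ctx_id INTEGER NOT NULL REFERENCES biz_ctx(id),
    PRIMARY KEY (organization_id, biz_ctx_id));
"""

# Dev/Admins see every business context; everyone else sees the contexts mapped
# to their own tenant plus contexts that carry no Tenant value (no mapping row).
ACCESS_SQL = """
SELECT b.name FROM biz_ctx b
WHERE :dev_admin = 1
   OR NOT EXISTS (SELECT 1 FROM organization_biz_ctx m WHERE m.biz_ctx_id = b.id)
   OR EXISTS (SELECT 1 FROM organization_biz_ctx m
              WHERE m.biz_ctx_id = b.id AND m.organization_id = :org_id)
ORDER BY b.name
"""

def build_sample_db():
    """Constructed data for the Mary/Matt/Tess/Ross scenario; Generic carries no Tenant value."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO organization VALUES (?, ?)",
                    [(1, "ACME Brick"), (2, "AgGateway"), (3, "Ross Consulting")])
    con.executemany("INSERT INTO biz_ctx VALUES (?, ?)",
                    [(1, "Construction"), (2, "Agriculture"), (3, "Generic")])
    con.executemany("INSERT INTO organization_biz_ctx VALUES (?, ?)",  # Ross's tenant gets both
                    [(1, 1), (2, 2), (3, 1), (3, 2)])
    con.executemany("INSERT INTO app_user(login_id, score_role, organization_id) VALUES (?, ?, ?)",
                    [("mary", "Admin + Developer", None), ("matt", "End User", 1),
                     ("tess", "End User", 2), ("ross", "End User", 3)])
    return con

def accessible_biz_ctxs(con, login_id):
    """Names of the business contexts whose BIEs login_id may access."""
    row = con.execute("SELECT score_role, organization_id FROM app_user WHERE login_id = ?",
                      (login_id,)).fetchone()
    if row is None:
        raise LookupError(f"unknown user {login_id!r}")  # fail closed on unknown users
    score_role, org_id = row
    dev_admin = 1 if score_role == "Admin + Developer" else 0
    return [name for (name,) in
            con.execute(ACCESS_SQL, {"dev_admin": dev_admin, "org_id": org_id})]
```

A business context with no row in the mapping table is visible to every tenant, so granting a tenant exclusive access means inserting a mapping row, not leaving the table empty.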

Phase 2 Design (in progress)

Identity Provider

OAGi has an Auth0 account and has been using it for authentication and authorization. The following screen captures illustrate how it can be configured to support Score multi-tenant.

...