Tenants
Not suitable as a security feature!
The Tenant feature is designed to enhance usability in the repository, reports, and dashboards, but it is not a security feature. Users from one tenant can access and view data from other tenants, for example, when using the Time Machine.
Multi-Tenancy ( Admin
/ Access Control
/ Tenants
) allows you to share one Txture instance among multiple tenants, each having their own slice of the overall data.
Introduction
Tenants provide an additional layer of access control that is independent of the structure. They are particularly useful when Txture is installed at a service provider, such as a datacenter, where multiple clients (Tenants) need isolated access to their respective assets.
How Tenants Work
- Each User and Asset can be assigned to one or more Tenants.
- A user can only access assets that share at least one assigned Tenant with them.
- When a user creates a new asset, it is automatically assigned to the user’s tenant. If the user belongs to multiple tenants, the asset will be associated with all tenants the user is a member of.
- Configuration options remain unaffected by tenants settings applied at the Txture instance level apply to all tenants.
This ensures that clients of a service provider can only manage and report on their own slice of the managed assets while maintaining global configuration consistency. - Only the admin user has visibility into which assets are assigned to each tenant.
Example: Datacenter Multi-Tenancy
Let's assume that Txture is installed at a datacenter.
This datacenter has three clients, Your Customer 1
, Your Customer 2
and Your Customer 3
.
There are also several users involved:
The setup above will result in the following visibility chart:
User | Docker Registry | Mailserver Vienna | CMDB Munic | CRM for D-A-CH region |
---|---|---|---|---|
Txture Administrator | ||||
Hanno Hybrid | ||||
Tina Trafo | ||||
Susan Support | ||||
John Doe |
This table exhibits a number of special cases which are explained below
Creating a new Tenant
New tenants can be added under Admin
/ Access Control
/ Tenants
:
- When creating a new tenant, aside from the name and description, you can choose whether you want to create a tenant that allows its users to modify assets.
- Finally, you can add Users to the tenant, or remove them from the tenant with the button.
Deleting a Tenant
A tenant can be deleted by selecting it from the list on the left, then using the delete button in the top right corner.
Deleting a tenant has the following side effects:
- The tenant will be removed from all assets to which it was assigned. This might remove the last tenant from an asset, making it visible only to Users without any tenant.
- The tenant will be removed from all users.
Removing the last tenant from a user
When removing the last tenant from a user (either by doing so explicitly, or by deleting the tenant), that user will be able to see all assets in accordance with the rules. When removing tenants, please make sure that no unintentional Tenant-less Users result from your operations.
FAQ
What happens if no tenant is assigned?
There are a couple of special cases which occur if either a user account or an asset has no tenant assigned.
-
If a user has no tenant assigned, this account is able to report all assets. This is usually the case for the "owners" of the Txture instance. User accounts with the
admin
Role typically have no tenants assigned and can see all assets. -
If a user has a tenant assigned, and there are no assets associated with this tenant, then this user will not see any assets. The Repository (and all Reports) will appear to be empty from the perspective of this user.
-
If an asset has no tenant assigned then it will be visible only to users who have no tenants assigned. In other words, assets without tenants will not be visible to users who belong to any tenant(s).
Can I have different Txture settings / a different structure for different tenants?
No. Tenants only allow to separate assets from different tenant users. Just as the settings, the structure is also the same for all tenants.