[Hawkular-dev] Tenant Id - Not Part of URL
Juraci Paixão Kröhling
jpkroehling at redhat.com
Wed Apr 29 13:01:48 EDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 04/29/2015 06:46 PM, Lukas Krejci wrote:
> Well, for inventory, we're considering dropping the context of a
> tenant altogether.
>
> Accounts don't work with a tenant in a usual meaning of that word
> very well - in accounts there is nothing like an isolated "island"
> that cannot be accessed by anyone outside of that island.
>
> Instead, accounts work with a hierarchy of organizations, of which
> users can be members of (and have different roles in) and
> impersonate them.
Actually, this is a requirement we got based on the demos and
discussions that followed them. Accounts can be changed to fit
whatever definition of tenants that we might want.
The use case that led to the current model is:
- - Company "Acme, Inc" has the following departments:
- -- finances
- -- marketing
- -- operations
Finances cannot see the data from Marketing and vice-versa.
Neither finances nor marketing can see data from operations, but
operations should be able to view and/or manage data from both,
including its own.
As we also have "users", the concept of tenant in accounts is then an
abstraction of "users" or "organizations" (company, department, ...).
It's called "persona" because an user might be impersonating a company
when doing some action (ie: jdoe is creating an EAP instance on behalf
of "Acme, inc").
So, as far as the end component (metrics, inventory, ...) is
concerned, all operations belonging to "Acme, Inc" are done by "Acme,
Inc" (who the final user is shouldn't be relevant to the component).
> In inventory, we're using tenants rather loosely - while they form
> a root of the path to any other entity in inventory, it is not
> disallowed to link entities from different tenants.
I believe you know this better than I do, but just make sure that this
model would fit the use case above.
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVQQ58AAoJECKM1e+fkPrXhd8IAIOGChSGBaWbDcEBjbK1Hr97
yMbUV8PYDO2b8dtJ0x5B7yntMk/eD03NsSWHJQuglljA+V3m5gkgiUTgzZUgV9/j
h25z6HrtbevMGwEE275Jva9/UiePNY02dShN6X9gk/3I3AXz8NnJ7m6ZM3jIt4tB
AlD/t7Z9/eOlnNpjpIAvwwXh/aSUPkWzbH2gWVIkCxQVUNplpsThwyPcLmtqbvMd
2H5mp7WkToUK3XFxvN+bBHYAAdBHOJ+sPRrgJGg87Jg/KXbr+7WhZETzDn9euqoa
m3Iu3B7Itd+UcHGAaTlVHrQMzBx61Jn6TrPeZRt5ekx9j92tKSGX+3kOcF0KyaQ=
=xZJy
-----END PGP SIGNATURE-----
More information about the hawkular-dev
mailing list