Hi, We're looking to use Cerbos and Cerbos Hub to ...
# help
Hi, We're looking to use Cerbos and Cerbos Hub to secure our multi-tenant application. I don't think that the multi-tenant samples I've found would be flexible enough for our needs (users can be members of multiple tenants and have different permissions in each) and so I'm currently exploring the "SaaS Analytics Workspaces" sample as an option. Couple of questions...
• I guess firstly, is that a good idea for representing tenants rather than workspaces? What should I be wary of?
• How would the principal workspaces object from the sample be represented in a schema? (highlighted red in the screenshot)
I'm suffering from staring at a blank page so it would be good to get some basics sorted which we can build on. Thanks in advance.
Hi Oliver! Have you seen the multitenant SaaS demo (also available on the playground)? It has flexible cross-tenant role assignments where different tenants have different authorization requirements. Basically though, I think the idea of including tenant assignments on the principal object is sound. The only potential pitfall I can see is if that could grow to be very large (i.e. you have a huge number of tenants and some users can be individually assigned to most of them). To validate this sort of mapping object with a JSON schema, you can use `additionalProperties` to validate the values, possibly in combination with `propertyNames` (if you want to also validate the keys match the format of your IDs). For example,
```json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "workspaces": {
      "type": "object",
      "propertyNames": {
        "pattern": "^[A-Z0-9]{12}$"
      },
      "additionalProperties": {
        "type": "object",
        "properties": {
          "role": {
            "type": "string",
            "enum": [
              "OWNER",
              "MEMBER"
            ]
          }
        },
        "required": [
          "role"
        ]
      }
    }
  },
  "required": [
    "workspaces"
  ]
}
```
You might not need an object in the values if you just need to map tenant ID to role.
Also, if you want a hand getting started, you can book a free workshop with us!
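To see how `propertyNames` and `additionalProperties` actually interact on a tenant map, here is an added example (not from the answer above and not Cerbos code) that validates constructed principal attributes against the schema from the reply and against the simpler tenant-ID-to-role shape the reply mentions at the end. It implements only the JSON Schema keywords those two schemas use, so it runs offline without the `jsonschema` package; the `maxProperties` cap on the map is an assumed addition to address the "map grows very large" pitfall, and the tenant IDs are made up.

```python
import re

# Schema from the reply above, reproduced so this file runs stand-alone.
TENANT_ID_PATTERN = "^[A-Z0-9]{12}$"
ROLE_SCHEMA = {"type": "string", "enum": ["OWNER", "MEMBER"]}

PRINCIPAL_SCHEMA = {
    "type": "object",
    "properties": {
        "workspaces": {
            "type": "object",
            "propertyNames": {"pattern": TENANT_ID_PATTERN},
            "additionalProperties": {
                "type": "object",
                "properties": {"role": ROLE_SCHEMA},
                "required": ["role"],
            },
            # Assumed addition: bound the size of the tenant map.
            "maxProperties": 1000,
        }
    },
    "required": ["workspaces"],
}

# The simpler shape mentioned at the end of the reply: tenant ID -> role.
FLAT_PRINCIPAL_SCHEMA = {
    "type": "object",
    "properties": {
        "workspaces": {
            "type": "object",
            "propertyNames": {"pattern": TENANT_ID_PATTERN},
            "additionalProperties": ROLE_SCHEMA,
            "maxProperties": 1000,
        }
    },
    "required": ["workspaces"],
}

_TYPES = {"object": dict, "string": str}


def validate(schema, value, path="$"):
    """Return a list of error strings; an empty list means `value` conforms.

    Supports the subset of JSON Schema used above: type, enum, properties,
    required, propertyNames.pattern, additionalProperties, maxProperties.
    """
    errors = []
    expected = schema.get("type")
    if expected and not isinstance(value, _TYPES[expected]):
        return [f"{path}: expected {expected}"]
    if "enum" in schema and value not in schema["enum"]:
        errors.append(f"{path}: {value!r} not one of {schema['enum']}")
    if isinstance(value, dict):
        for key in schema.get("required", []):
            if key not in value:
                errors.append(f"{path}: missing required property {key!r}")
        if "maxProperties" in schema and len(value) > schema["maxProperties"]:
            errors.append(f"{path}: more than {schema['maxProperties']} properties")
        declared = schema.get("properties", {})
        name_schema = schema.get("propertyNames")
        extra_schema = schema.get("additionalProperties")
        for key, sub in value.items():
            # propertyNames constrains every key (JSON Schema "pattern" is
            # an unanchored search, so the schema's own ^...$ anchors matter).
            if name_schema and not re.search(name_schema["pattern"], key):
                errors.append(f"{path}: key {key!r} does not match {name_schema['pattern']}")
            if key in declared:
                errors += validate(declared[key], sub, f"{path}.{key}")
            elif isinstance(extra_schema, dict):
                # Undeclared keys have their values checked by additionalProperties.
                errors += validate(extra_schema, sub, f"{path}.{key}")
            elif extra_schema is False:
                errors.append(f"{path}: unexpected property {key!r}")
    return errors


if __name__ == "__main__":
    # Constructed principal attributes, one valid and one with two faults.
    good = {"workspaces": {"ACME00000001": {"role": "OWNER"}, "GLOBEX000002": {"role": "MEMBER"}}}
    bad = {"workspaces": {"acme-1": {"role": "ADMIN"}}}
    print("good:", validate(PRINCIPAL_SCHEMA, good))
    print("bad:", validate(PRINCIPAL_SCHEMA, bad))
```

Run it at the point where principal attributes are assembled (before they are sent to the PDP) so that a malformed tenant ID or an unknown role is rejected up front rather than silently failing to match any policy rule.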