I've been tasked with setting up FreeIPA for my company. What we are looking to do is have multiple "admins" that can only manage and see the users that belong to their team. For example, we have three organizations in our company orgA, orgB, orgC. I want to appoint a manager from orgA to be able to create and edit users and groups that belong to orgA, but not be able to see anything that belongs to orgB or orgC. I found some documentation on the FreeIPA website, but it only appears to be a concept?
If anyone else has accomplished this or can confirm that it's just not possible, that would be helpful.
There is no support for multitenancy in FreeIPA and there is no plan to implement it. Separate organizations need their separate deployments.
Related
I'm working in a company which has multiple international websites and I wanted to ask you if it's more interesting to have just one Google Analytics 4 account for all the websites or should I keep an account for every website?
We have currently 12 websites and it will grow this year so I want to set up the best things before all of this.
Thank you,
I tried to do a unique account for two websites but I can't split the metrics and the events were not working.
You may create one analytics google profile using this link https://analytics.google.com/analytics/web/provision/#/provision
BUT, I would create a separate account for every website. Otherwise it will probably create problems in the future reading data from the API (I mean in the back-end coding system), analysing the retrieved data since every time you need to filter based on the domain etc.
Plus, there are limitations for creating the customised dimensions and metrics. Of course, I suppose you are talking about separate businesses or better say, different clients.
Thank you for your answer.
I already have an account for every website and so a property = a website.
But what I wanted to know is if it's better to have a unique property for all my websites to have all data in one property.
Thank you,
Interested to know if anyone has successfully implemented Superset as their customer analytics platform?
We are currently evaluating this, however, some struggle with restricting access to subsets of a dataset/source, or limit access to the specific row data.
For example companyB should only see data relevant to companyB. This is of course a mandatory requirement.
There are a lot of similar questions raised, so would be keen to know if someone has successfully accomplished this.
We are in the process of customizing superset to do something similar (without forking), though it doesn't involve row-level granularity. I was able to accomplish view-level access with a combination of FAB permissions and a custom security manager. Basically:
User logs into superset through OAuth2 with our API.
Security manager makes request to our API for a list of things the user can access.
Superset builds datasources only for those items.
For this to work, we created a custom role that forbids users from doing things like creating new databases/tables, and add each user to that role once they log in. At this point, you may want to make a connector for your own purposes so users can refresh datasources when they want/need to. Superset exposes a config setting for custom connectors so you don't have to modify source to load it. The Druid connector is a good example of this.
So, to answer your question: sort of. Table-level/view-level access control is definitely doable, though it will be a bit of effort. Row-level access control? Probably not, unless your database engine of choice supports row-level access control.
Are there any resources available that can guide someone on how to 'think' about the various components of a hosted / cloud solution before going ahead and starting to make a hosted application? If that made no sense, what I mean to ask is are there any guidance books/websites on what things need to be considered when making a cloud application?
I am attempting to make a hosted CRM-style software application that will serve many hundreds of customers. The application is powered by a SQL server database with many tables and a ColdFusion, HTML5, CSS, Javascript front-end. If I was installing this application and its components at each client site, then each installation is unique to that customer. But somehow I have to replicate this uniqueness in the cloud which is baffling me.
Only two things have come to mind so far:
The need for a unique database per customer in SQL server
The need to change DB connection strings per customer in the web application
My thought process has come to a block when I am trying to envisage how to design the application to serve so many different customers. Even though the application that all customers use is the same (same DB tables, same front-end), the data that they store and retrieve will be specific to them. So I was thinking that surely each customer needs a separate database creating for them? Is it feasible to create a replica database for each customer? If I need to update some tables or add a new table, how would I do this for hundreds of different databases?
From the front-end I guess each unique customer log-in would change DB connection strings so that they can only access their database. Other than this I can't think of anything else that needs to change per customer basis.
When a new customer wants to sign up, it needs to be clear to me what I need to create for them to have access to the application. I guess this is ultimately what I need to think of but I'm stuck.
If anyone can suggest some things to think of or if there is a book or website on this kind of thing that someone could point me to I'd really be very thankful.
EDIT:
I was looking at an article about Salesforce.com and it says
"In order to ensure privacy of data for each user and give an effect of each having their own database, the data from different users are securely isolated from one another."
Anyone know how this is achieved or how it may be done?
Found some great information here. It is called multi-tenant database design and seems to be a common topic. Once I get the database designed then the application can sit nicely on top.
https://dba.stackexchange.com/questions/1043/what-problems-will-i-get-creating-a-database-per-customer
How would I fix so that 2 vBulletin forums share the same database?
And do not tell me it is not possible, cause it is.
http://MMOwned.com
http://FPSOwned.com
If it's just a predefined set of tables that you want to share you may be able to use the FEDERATED storage engine to "share" a table across two separate databases or perhaps the MERGE storage engine to effectively share a MyISAM table across two databases.
I'm not sure what fun and games you might run into with counters, etc inside vBulletin.
Have you had a good look on the vBulletin.org forums or asked the owner of mmowned.com how they did it?
I am required to work on a php project that requires the database to cater to multiple users. Generally, the idea is similar to what they have for carbonmade or basecamp, or even wordpress mu. They cater to multiple users, who are also owners of their accounts. And if they were to cancel/terminate their account, anything on the pages/database would be removed.
I am not quite sure how should I design the database? Should it be:
separate tables for individual user account
separate databases for individual user account
or otherwise?
Kindly advise me for the best approach to this issue. Thank you very much.
How many users are we talking about?
Offhand, I like the idea of having a separate database for each user account. There are many advantages:
You can keep the schema (and your application code) simple
If a user ever wanted a copy of their database you could just dump it out and give it to them
You can easily take care of security by restricting access to each database to a given user account
You may be able to scale out more easily by adding more database servers, since you are using separate databases (there would be no common tables used by all users)
Of course, this could be a bit painful for you if you need to deploy updates to hundreds of databases, but that's what automated scripting is for.
The idea of having separate tables for each user seems like a coding nightmare. Each time you reference a shared table you will have to modify the name to match the current user's copy.
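The database-per-customer approach discussed in the threads above (a database per tenant, a connection chosen per customer, scripted updates across every database), sketched as an added example that is not part of any post on this page. SQLite files stand in for the SQL Server or MySQL databases, and `TenantRegistry`, `migrate`, `migrate_all` and the `contacts` schema are hypothetical names.

```python
import sqlite3
import tempfile
from pathlib import Path

# Ordered schema migrations shared by every tenant (constructed sample schema).
MIGRATIONS = [
    "CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT NOT NULL)",
    "ALTER TABLE contacts ADD COLUMN email TEXT",
]

class TenantRegistry:
    """Server-side map from tenant id to that tenant's own database file."""
    def __init__(self, root):
        self.root = Path(root)
        self.tenants = {}  # tenant id -> database path, filled only by provision()

    def provision(self, tenant_id):
        # Signup step: allocate a database and bring it to the current schema.
        if not tenant_id.isalnum():
            raise ValueError("tenant id must be alphanumeric")
        self.tenants[tenant_id] = self.root / f"{tenant_id}.db"
        migrate(self.connect(tenant_id))

    def connect(self, tenant_id):
        # tenant_id comes from the authenticated session; unknown ids are refused,
        # never turned into a path or connection string.
        if tenant_id not in self.tenants:
            raise PermissionError(f"unknown tenant {tenant_id!r}")
        return sqlite3.connect(self.tenants[tenant_id])

def migrate(conn):
    """Apply pending migrations; PRAGMA user_version records how many have run."""
    version = conn.execute("PRAGMA user_version").fetchone()[0]
    for step, statement in enumerate(MIGRATIONS[version:], start=version + 1):
        conn.execute(statement)
        conn.execute(f"PRAGMA user_version = {step}")
    conn.commit()
    return conn.execute("PRAGMA user_version").fetchone()[0]

def migrate_all(registry):
    """The automated-scripting step: upgrade every tenant database in one pass."""
    return {t: migrate(registry.connect(t)) for t in registry.tenants}

def demo():
    registry = TenantRegistry(tempfile.mkdtemp())
    for tenant in ("orgA", "orgB"):
        registry.provision(tenant)
    with registry.connect("orgA") as conn:  # commits on exit
        conn.execute("INSERT INTO contacts (name) VALUES ('alice')")
    return registry
```

Appending a statement to `MIGRATIONS` and calling `migrate_all` again upgrades only the databases that are behind, which is what makes a schema change across hundreds of tenant databases repeatable.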