The ability to host multiple isolated tenants in a single application is vital for most modern SaaS apps. It can also be one of the more difficult features to implement.
I’m going to discuss how I’ve implemented this in multiple applications using AWS AppSync with Cognito User Pools.
Data and User Types
Before proceeding, it’s important to cover the types of data and users your application has.
In every multi-tenant application I’ve come across, there are two types of data.
Shared Data
Shared data is common to all tenants using the application. It is typically maintained by the application owner. An example of shared data would be a list of countries.
Tenant Data
Tenant data is specific to one tenant and should never be accessible by other tenants.
Tenant (Regular) Users
Tenant or regular users are people who have access to one or more tenants. Within each tenant they may have different levels of access. For example, they may have full admin access in tenant A but only limited access in tenant B.
Admin/Support Users
These are typically staff working for the company running the SaaS app. They may have the ability to manage shared data and may have unrestricted access to tenants in order to provide support.
Access
| | Tenant Data | Shared Data |
|---|---|---|
| Tenant User | Read/Write | Read |
| Admin/Support User | Read/Write | Read/Write |
Tenant users can access data for any tenant they have access to.
- Tenants - Can access their own data and read shared data
- Application Admin/Support - Can access any tenant's data and shared data
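
The access matrix above, written as a deny-by-default check over the `cognito:groups` claim. This is an added example, not the author's code: the group naming convention, the `admin`/`limited` roles, and the names `parseGroups` and `isAllowed` are assumptions made for illustration.

```javascript
// Added example. Assumed group convention (not from the article):
//   "support"                  -> admin/support staff
//   "tenant:<tenantId>:<role>" -> tenant membership; role "admin" = read/write,
//                                 "limited" = read only (one assumed meaning of "limited")
const ROLE_ACTIONS = { admin: ['read', 'write'], limited: ['read'] };

// Turn the "cognito:groups" claim into { support, tenants: Map(tenantId -> Set(actions)) }.
function parseGroups(claims) {
  const raw = claims && claims['cognito:groups'];
  const who = { support: false, tenants: new Map() };
  for (const g of Array.isArray(raw) ? raw : []) {
    if (g === 'support') { who.support = true; continue; }
    const m = /^tenant:([A-Za-z0-9_-]+):([a-z]+)$/.exec(g);
    // Skip malformed groups and unknown roles instead of guessing.
    if (!m || !Object.prototype.hasOwnProperty.call(ROLE_ACTIONS, m[2])) continue;
    const actions = who.tenants.get(m[1]) || new Set();
    ROLE_ACTIONS[m[2]].forEach((a) => actions.add(a));
    who.tenants.set(m[1], actions);
  }
  return who;
}

// resource is { kind: 'shared' } or { kind: 'tenant', tenantId }.
// For existing items, tenantId should come from the stored record, not the request.
function isAllowed(claims, action, resource) {
  if (!resource || (action !== 'read' && action !== 'write')) return false;
  const who = parseGroups(claims);
  if (resource.kind === 'shared') {
    // Shared data: any known user reads, only support staff write.
    return who.support || (action === 'read' && who.tenants.size > 0);
  }
  if (resource.kind === 'tenant' && typeof resource.tenantId === 'string') {
    if (who.support) return true; // support has unrestricted tenant access
    const actions = who.tenants.get(resource.tenantId);
    return actions !== undefined && actions.has(action);
  }
  return false; // deny by default
}

// Constructed sample claims: full admin in tenant "acme", limited in tenant "globex".
const alice = { 'cognito:groups': ['tenant:acme:admin', 'tenant:globex:limited'] };
const staff = { 'cognito:groups': ['support'] };
console.log(isAllowed(alice, 'write', { kind: 'tenant', tenantId: 'globex' })); // false
```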