Skip to main content
Version: v2.7 print this page

Tenants

Amorphic supports multi-tenancy which helps to segregate organizational data and manage multiple tenants within the Amorphic infrastructure. Multi-tenancy means that a single instance of the software serves multiple customers, each customer being a tenant. In this architecture, multiple groups of users share the same environment but their data is stored in separate databases and is logically isolated from each other. Currently, Amorphic's multi-tenancy environment is supported in Redshift type data lake only.

Amorphic tenants provide the following capabilities:

  • Complete isolation of users and resources within a tenant, so users belonging to one tenant can't access resources outside their tenant.
  • Ability to create and manage resources within a tenant.
  • Support for cross-tenant querying and handling analytic workloads.
Note

To use Multi-tenancy feature, Admins need to enable it. Reach out to admins if it is unavailable.

The following picture depicts the Tenant Management Console in Amorphic:

Tenants Home Page

What is a Tenant?

Tenants in Amorphic can be individual users or more commonly, groups of users, such as a customer organization, that share common access and privileges within the application instance. Each tenant's data is isolated and invisible to the other tenants sharing the application instance, ensuring data security and privacy for all.

Amorphic Tenants have multiple users attached to them and use access-tags and users to grant or revoke permissions to a user. They sit above Domains in the application hierarchy and contain localized domains and parameters. To create a Tenant, users must first attach a Domain and add resources under it.

Amorphic has two types of Tenants:

  • System Tenants are provided by the application by default.
  • Custom Tenants are created by users.

System Tenants: The system's default tenant is a basic application space provided to every user. It can be used to create resources like any other tenant, but user operations to update or delete the tenant are restricted. Users can be added or removed from the default tenant, and the access control remains the same as for any other tenant created in the system.

Custom Tenants: Amorphic Tenants allows application users to create customized Tenants by selecting existing users from a list.

For example, a user can create a custom "testorg" tenant and grant access to the "johndoe" user or any user accessible tags. Then, "johndoe" will be able to create resources under it. These resources are logically isolated from other users' resources. For more information, please refer to the "Create Tenant" section.

Note

Amorphic requires users to have one tenant attached to ensure no user is left without the ability to create resources within the platform.

How are tenants associated to an user?

In Amorphic, tenants help with separating organizational data and support multi-tenancy. Each user is given a default tenant called the "Default Tenant" which provides a basic area to create resources. Users only have one view of all accessible resources, not a separate interface for each tenant.

Visibility of users to others in the system depends on their role and permissions.

  1. Users with SystemAdministrators role or users who have a role with permissions Users.view will be able to see ALL users in the system.
  2. Users belonging to a tenant remain invisible to other users in the application unless they are part of a common tenant.

When a user shares access to a resource, the list of available users in the drop-down menu only includes users who have access to the same tenant as the granter. For example, if John (the granter with access to "TestOrgA" and "TestOrgB") is sharing access to a dataset, the drop-down menu will only show users who have access to "TestOrgA" or "TestOrgB".

Tenants Architecture

How to Create Tenant?

Tenants Create New Tenant

To create a new Tenant in Amorphic:

  1. Click on Create New Tenant To perform this action, you must have Tenant Permissions in the RBAC role.
  2. Fill in the required fields shown in the table.
TypeDescription
Tenant NameTenant Name, which uniquely identifies the functionality of the tenant.
Tenant DescriptionA brief explanation of the tenant typically the line of business or the organization for what it is used.
Display NameUser friendly display name which is used across the platform to uniquely identify the tenant

Tenant Operations

TypeDescription
Create TenantCreate a custom tenant.
View TenantView existing Tenant Metadata Information.
Update TenantUpdate an existing tenants’ description/display name.
Delete TenantDelete an existing tenant. Before deleting a tenant, users must delete all resources associated with it.

If a user has sufficient permissions they can view, update, and delete a tenant.

Tenants View tenant

Limitations

  • Multi tenancy is only supported for redshift datalake.
  • Users with cross tenant querying or analytic workload should choose the redshift node of type "ra3".
  • Currently the maximum number of tenants Amorphic supports is 60.