Tenants
Amorphic supports multi-tenancy which helps to segregate organizational data and manage multiple tenants within the Amorphic infrastructure. Multi-tenancy means that a single instance of the software serves multiple customers, each customer being a tenant. In this architecture, multiple groups of users share the same environment but their data is stored in separate databases and is logically isolated from each other. Currently, Amorphic's multi-tenancy environment is supported in Redshift type data lake only.
Amorphic tenants provide the following capabilities:
- Complete isolation of users and resources within a tenant, so users belonging to one tenant can't access resources outside their tenant.
- Ability to create and manage resources within a tenant.
- Support for cross-tenant querying and handling analytic workloads.
To use Multi-tenancy feature, Admins need to enable it. Reach out to admins if it is unavailable.
The following picture depicts the Tenant Management Console in Amorphic:
What is a Tenant?
Tenants in Amorphic can be individual users or more commonly, groups of users, such as a customer organization, that share common access and privileges within the application instance. Each tenant's data is isolated and invisible to the other tenants sharing the application instance, ensuring data security and privacy for all.
Amorphic Tenants have multiple users attached to them and use authorization groups and users to grant or revoke permissions to a user. They sit above Domains in the application hierarchy and contain localized domains and parameters. To create a Tenant, users must first attach a Domain and add resources under it.
Amorphic has two types of Tenants:
- System Tenants are provided by the application by default.
- Custom Tenants are created by users.
System Tenants: The system's default tenant is a basic application space provided to every user. It can be used to create resources like any other tenant, but user operations to update or delete the tenant are restricted. Users can be added or removed from the default tenant, and the access control remains the same as for any other tenant created in the system.
Custom Tenants: Amorphic Tenants allows application users to create customized Tenants by selecting existing users from a list.
For example, a user can create a custom "testorg" tenant and grant access to the "johndoe" user or groups. Then, "johndoe" will be able to create resources under it. These resources are logically isolated from other users' resources. For more information, please refer to the "Create Tenant" section.
Amorphic requires users to have one tenant attached to ensure no user is left without the ability to create resources within the platform.
How are tenants associated to an user?
In Amorphic, tenants help with separating organizational data and support multi-tenancy. Each user is given a default tenant called the "Default Tenant" which provides a basic area to create resources. Users only have one view of all accessible resources, not a separate interface for each tenant.
Visibility of users to others in the system depends on their role and permissions.
- Users with SystemAdministrators role or users who have a role with permissions
Users.viewwill be able to see ALL users in the system. - Users belonging to a tenant remain invisible to other users in the application unless they are part of a common tenant.
When a user shares access to a resource, the list of available users in the drop-down menu only includes users who have access to the same tenant as the granter. For example, if John (the granter with access to "TestOrgA" and "TestOrgB") is sharing access to a dataset, the drop-down menu will only show users who have access to "TestOrgA" or "TestOrgB".
How to Create Tenant?
To create a new Tenant in Amorphic:
- Click on
Create New TenantTo perform this action, you must have Tenant Permissions in the RBAC role. - Fill in the required fields shown in the table.
| Type | Description |
|---|---|
| Tenant Name | Tenant Name, which uniquely identifies the functionality of the tenant. |
| Tenant Description | A brief explanation of the tenant typically the line of business or the organization for what it is used. |
| Display Name | User friendly display name which is used across the platform to uniquely identify the tenant |
Tenant Operations
| Type | Description |
|---|---|
| Create Tenant | Create a custom tenant. |
| View Tenant | View existing Tenant Metadata Information. |
| Update Tenant | Update an existing tenants’ description/display name. |
| Delete Tenant | Delete an existing tenant. Before deleting a tenant, users must delete all resources associated with it. |
If a user has sufficient permissions they can view, update, and delete a tenant.
Limitations
- Multi tenancy is only supported for redshift datalake.
- Users with cross tenant querying or analytic workload should choose the redshift node of type "ra3".
- Currently the maximum number of tenants Amorphic supports is 60.