
Data separation using ACL, based on user's Company, but certain users need access to multiple Companies

galavodasal
Giga Expert

Hi all,

We recently configured a multi-tenant environment and are looking to separate data based upon the user's Company. Originally, we had a read ACL on the task table where the only condition (other than role) was Company IS javascript:gs.getUser().getCompanyID().

This works fine if you're only dealing with a one-to-one relationship, but we're required to provide access to multiple companies for certain users.

For example, IT user John Smith's Company is ACME, but he needs access to view and write records where the Company is ACME, Disney, or AOL.

Looking for possible solutions using configuration, as scripting on ACLs can hinder performance.

Is there a way to use the parent, so the task read ACL would be:

Company.Parent IS javascript:gs.getUser().getCompanyID.getParent()

Is this possible?

Thank you!


Daniel Draes
ServiceNow Employee

I am preparing a blog post on exactly this topic right now. Should be ready shortly...

In a nutshell: to avoid complex scripts and queries in the ACL itself I will be storing the companies a user has access to in the user session. This is a one-time operation at login and from there on an ACL can simply use that.

I'll update this thread once it is ready.

Was quicker than I thought... here is the post:

HowTo secure data access without impacting performance


Jen
Kilo Contributor

This is exactly what I am looking for, but I have one additional wrinkle. What if you are using different modules on the platform? Could you use roles to say that if you are in company A you can only see the incident tickets but not the HR cases?

Or how would you recommend handling that separation of data?

Thank you

Jen

Michael Ritchie
ServiceNow Employee

Jen, roles would define which tables/applications a user has access to. So a user in Company A in your example would just have a role that entitles access to Incident and not HR.
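The two answers above describe one layered model: roles decide which tables a user may read, and a list of entitled companies, resolved once at login and cached in the session, decides which rows. The following Node.js block is an added illustration of that pattern, not code from this thread, from Daniel's blog post, or from ServiceNow itself. It stands in plain JavaScript for what would be a login-time script writing to gs.getSession() (putClientData/getClientData) and a read ACL on the table; the user names, company names, role names (itil, sn_hr_core.basic) and table names (incident, sn_hr_core_case) are constructed sample data chosen to resemble the thread's example, and the deny-by-default handling for a missing session or a record with no company is a design choice of this example.

```javascript
// Added example (not code from the thread or from ServiceNow): a Node.js model
// of the pattern described in the replies. Roles decide WHICH TABLES a user
// may read; a per-session set of companies, computed once at login, decides
// WHICH ROWS. In ServiceNow the session cache would be
// gs.getSession().putClientData()/getClientData() and the checks would live in
// a read ACL; here everything is plain JavaScript so it runs offline.

// Constructed directory data. John Smith (the OP's example) belongs to ACME but
// is entitled to ACME, Disney and AOL; Jane belongs to Disney only.
const USERS = {
  'john.smith': { company: 'ACME',   extraCompanies: ['Disney', 'AOL'], roles: ['itil'] },
  'jane.doe':   { company: 'Disney', extraCompanies: [],                roles: ['sn_hr_core.basic'] },
};

// Constructed role-to-table map: which roles grant read on which tables.
// (Role and table names are illustrative, chosen to resemble ServiceNow's.)
const TABLE_READ_ROLES = {
  incident:        ['itil'],
  sn_hr_core_case: ['sn_hr_core.basic'],
};

// Session store, one entry per logged-in user.
const sessions = new Map();

// Login-time step: resolve entitlements once and cache them. Any expensive
// lookups (GlideRecord queries in ServiceNow) belong here, not in the ACL.
function login(userName) {
  const u = USERS[userName];
  if (!u) throw new Error('unknown user: ' + userName);
  const session = {
    roles: new Set(u.roles),
    allowedCompanies: new Set([u.company, ...u.extraCompanies]),
  };
  sessions.set(userName, session);
  return session;
}

// ACL-time step: two constant-time set lookups, no queries. Deny by default
// when there is no session data, the table grants no matching role, or the
// record has no company value at all.
function canRead(userName, table, record) {
  const session = sessions.get(userName);
  if (!session) return false;
  const roles = TABLE_READ_ROLES[table] || [];
  const hasTableRole = roles.some(r => session.roles.has(r));
  if (!hasTableRole) return false;
  if (!record || !record.company) return false;
  return session.allowedCompanies.has(record.company);
}

// Convenience: which of a table's records a user would see through the ACL.
function visibleNumbers(userName, table, records) {
  return records.filter(r => canRead(userName, table, r)).map(r => r.number);
}

// Constructed sample rows.
const INCIDENTS = [
  { number: 'INC0001', company: 'ACME' },
  { number: 'INC0002', company: 'Disney' },
  { number: 'INC0003', company: 'AOL' },
  { number: 'INC0004', company: 'Initech' },
  { number: 'INC0005', company: '' },      // company missing: denied
];
const HR_CASES = [
  { number: 'HRC0001', company: 'ACME' },
  { number: 'HRC0002', company: 'Disney' },
];

// Stand-alone demo when run directly with node.
if (typeof require !== 'undefined' && require.main === module) {
  login('john.smith');
  login('jane.doe');
  console.log('john incidents:', visibleNumbers('john.smith', 'incident', INCIDENTS));
  console.log('john HR cases: ', visibleNumbers('john.smith', 'sn_hr_core_case', HR_CASES));
  console.log('jane incidents:', visibleNumbers('jane.doe', 'incident', INCIDENTS));
  console.log('jane HR cases: ', visibleNumbers('jane.doe', 'sn_hr_core_case', HR_CASES));
}
```

The point worth checking in a real implementation is the order of the two checks and the default: the role test runs first and is cheap, the company test reads only the cached session set, and anything that is not positively entitled (no session entry, no role for the table, empty company on the row) is denied rather than falling through to the old single-company condition.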