3 Replies Latest reply on Jan 14, 2019 7:58 AM by Steve O'Leary

    Multi-tenancy

    Steve O'Leary

      We have the following situation: we host several companies (thus "multi-tenancy") but we have a requirement to allow a certain subset of users the ability to modify assets for one company but not other companies. However, they should be able to see all assets, regardless of company. This means we can't use row level locking.

       

      For example:  Bob has permissions to see all Assets for Company A, B, and C, but not modify any of them (doesn't have Asset Admin permissions). However, he should be able to modify assets for Company D  - which means he needs Asset Admin, but then he would be able to modify any asset for any company, which we don't want.

       

      How would you go about this? What would be nice is a permission group to company relationship.

       

      We can put in code to control this (but would require a pile of code in a pile of places - to stop relationships from being created/modified, work log entries, etc.).

        • 1. Re: Multi-tenancy
          Mohammad Rehman

          We all know there is gap and BMC promised to fix this gap 4 years ago but till today no solution. You can more here Asset Editor and Asset Creator

          You may end up creating a custom permission role to implement this.

          • 2. Re: Multi-tenancy
            Shubham Verma

            Hi Steve,

             

            Try this

            1) Create a new Support Group - "Company D - Asset Managers"

            2) Assign Asset User permission to User Bob and make him member of the above Support Group.

            3) For all the assets that need to updated by Bob relate them to "Company D - Asset Manager" with "Managed by" relationship. you can build a custom spoon job or filter to automatically create relationship with Support Groups for a specific company (in this case Company D)

            4) Login with Bob and check, if he can edit the Asset for Company D.

             

            Let me know the results

             

            Regards,

            Shubham

            1 of 1 people found this helpful
            • 3. Re: Multi-tenancy
              Steve O'Leary

              That would only work if they weren't allowed to also create Assets. So, what we are going to do is this:

               

              1. Create a new Support Group

              2. Associate this new Support Group to each of the company's assets as "Managed By".

              3. Leave the User permission as Asset User and put him in this new Support Group (which allows Users to modify ones the Support Group "manages")

              4. Create a new form with which these users can create new Assets (stub records) which will, upon save, add this new Support Group as "Managed By"

              5. Then immediately open the record in Modify mode so they can finalize the creation

               

              This way we can allow users without Asset Admin to create certain assets.

               

              Problem solved.

              1 of 1 people found this helpful