Authorization rules for a multi-tenant system — Google Cloud Platform

  1. Each user must only have access to resources that belong to their own tenant.
  2. A user's role depends on the tenant (project) they are trying to access.

GCP roles overview

Setup

Database Schema

Flattening hierarchical roles

Permission rules

Permission rules on storage_buckets

Both rules key off the session variables X-Hasura-User-Id (who is asking) and X-Hasura-Project-ID (which tenant they are asking about). The project-level check goes through the flattened role view, so a higher role in the hierarchy also satisfies a rule that names a lower one.

Project-level access: the requesting user holds storage_viewer on the project named by X-Hasura-Project-ID (an _exists clause, evaluated against the flattened view using only session variables):

{
  "_exists": {
    "_table": { "schema": "public", "name": "flattened_user_project_roles" },
    "_where": {
      "_and": [
        { "user_id": { "_eq": "X-Hasura-User-Id" } },
        { "role_id": { "_eq": "storage_viewer" } },
        { "project_id": { "_eq": "X-Hasura-Project-ID" } }
      ]
    }
  }
}

Bucket-level access: the user holds storage_viewer directly on this bucket, checked through the user_bucket_roles relationship of storage_buckets:

{
  "user_bucket_roles": {
    "_and": [
      { "user_id": { "_eq": "X-Hasura-User-Id" } },
      { "role_id": { "_eq": "storage_viewer" } }
    ]
  }
}

Combined: a bucket is visible when either of the two holds:

{
  "_or": [
    {
      "_exists": {
        "_table": { "schema": "public", "name": "flattened_user_project_roles" },
        "_where": {
          "_and": [
            { "user_id": { "_eq": "X-Hasura-User-Id" } },
            { "role_id": { "_eq": "storage_viewer" } },
            { "project_id": { "_eq": "X-Hasura-Project-ID" } }
          ]
        }
      }
    },
    {
      "user_bucket_roles": {
        "_and": [
          { "user_id": { "_eq": "X-Hasura-User-Id" } },
          { "role_id": { "_eq": "storage_viewer" } }
        ]
      }
    }
  ]
}

The same project-level check, but requiring storage_admin on the session project:

{
  "_exists": {
    "_table": { "schema": "public", "name": "flattened_user_project_roles" },
    "_where": {
      "_and": [
        { "user_id": { "_eq": "X-Hasura-User-Id" } },
        { "role_id": { "_eq": "storage_admin" } },
        { "project_id": { "_eq": "X-Hasura-Project-ID" } }
      ]
    }
  }
}

Two things to keep in mind when reading these. First, an _exists clause only sees session variables and the table it queries, never the bucket row being filtered, so it is either true for every row of the request or for none; if one storage_buckets table holds buckets from several projects, the row's own project_id has to be compared with X-Hasura-Project-ID as well. Second, tenant isolation rests entirely on X-Hasura-User-Id and X-Hasura-Project-ID being set by the authentication layer (JWT claims or the auth webhook), never taken from client-supplied headers; a caller who could choose X-Hasura-Project-ID would be choosing the tenant.
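To see what the rules above actually grant, here is an added example (not code from the Hasura post) that evaluates them in Python: a small interpreter for the subset of Hasura's permission-rule language the rules use (_and, _or, _eq, _exists and one array relationship), run over constructed in-memory tables. It also flattens a hierarchical role assignment the way a flattened_user_project_roles view would. The role hierarchy (storage_admin implies storage_viewer), the users, projects and buckets, the array relationship storage_buckets.user_bucket_roles, and SCOPED_RULE (the page's combined rule with an extra row-level project_id comparison) are all assumptions made for the demonstration.

```python
# Added example, not code from the Hasura post: evaluate the page's permission
# rules over constructed data. Roles, users, buckets and the relationship
# definition are assumptions; the rule JSON is copied from the page.

# Constructed sample data. The hierarchy (storage_admin implies storage_viewer)
# is assumed; the page only says roles are hierarchical and get flattened.
ROLE_IMPLIES = {"storage_admin": ["storage_viewer"]}
USER_PROJECT_ROLES = [
    {"user_id": "u1", "project_id": "p1", "role_id": "storage_viewer"},
    {"user_id": "u3", "project_id": "p2", "role_id": "storage_admin"},
]
USER_BUCKET_ROLES = [
    {"user_id": "u2", "bucket_id": "b2", "role_id": "storage_viewer"},
]
STORAGE_BUCKETS = [
    {"id": "b1", "project_id": "p1"},
    {"id": "b2", "project_id": "p2"},
    {"id": "b3", "project_id": "p2"},
]


def flatten_roles(grants, implies):
    """Expand each direct grant with every role it transitively implies,
    which is what lets a rule ask for storage_viewer and match an admin."""
    flattened = []
    for grant in grants:
        seen, stack = set(), [grant["role_id"]]
        while stack:
            role = stack.pop()
            if role in seen:
                continue
            seen.add(role)
            flattened.append({**grant, "role_id": role})
            stack.extend(implies.get(role, []))
    return flattened


TABLES = {
    "flattened_user_project_roles": flatten_roles(USER_PROJECT_ROLES, ROLE_IMPLIES),
    "user_bucket_roles": USER_BUCKET_ROLES,
}
# Assumed array relationship storage_buckets.user_bucket_roles,
# joined on storage_buckets.id = user_bucket_roles.bucket_id.
RELATIONSHIPS = {"user_bucket_roles": ("user_bucket_roles", "id", "bucket_id")}


def resolve(value, session):
    """Substitute an X-Hasura-* session variable (names are case-insensitive)."""
    if isinstance(value, str) and value.lower().startswith("x-hasura-"):
        return session[value.lower()]
    return value


def evaluate(rule, row, session):
    """Return True if `row` passes `rule` under the given session variables."""
    for key, arg in rule.items():
        if key == "_and":
            ok = all(evaluate(r, row, session) for r in arg)
        elif key == "_or":
            ok = any(evaluate(r, row, session) for r in arg)
        elif key == "_exists":
            # _exists sees only session variables and the target table, never
            # `row`, so its result is the same for every row of the request.
            target = TABLES[arg["_table"]["name"]]
            ok = any(evaluate(arg["_where"], t, session) for t in target)
        elif key in RELATIONSHIPS:
            table, local, remote = RELATIONSHIPS[key]
            related = [t for t in TABLES[table] if t[remote] == row[local]]
            ok = any(evaluate(arg, t, session) for t in related)
        else:  # column comparison; only _eq is needed for these rules
            ok = row.get(key) == resolve(arg["_eq"], session)
        if not ok:
            return False
    return True


# The rules exactly as given on the page.
PROJECT_VIEWER = {"_exists": {
    "_table": {"schema": "public", "name": "flattened_user_project_roles"},
    "_where": {"_and": [{"user_id": {"_eq": "X-Hasura-User-Id"}},
                        {"role_id": {"_eq": "storage_viewer"}},
                        {"project_id": {"_eq": "X-Hasura-Project-ID"}}]}}}
BUCKET_VIEWER = {"user_bucket_roles": {"_and": [
    {"user_id": {"_eq": "X-Hasura-User-Id"}},
    {"role_id": {"_eq": "storage_viewer"}}]}}
PAGE_RULE = {"_or": [PROJECT_VIEWER, BUCKET_VIEWER]}

# Assumed addition for a storage_buckets table that holds several projects'
# buckets: also compare the row's own project_id with the session project.
SCOPED_RULE = {"_and": [{"project_id": {"_eq": "X-Hasura-Project-ID"}}, PAGE_RULE]}


def visible_buckets(rule, user_id, project_id):
    """Bucket ids a user sees when the auth layer sets these session variables."""
    session = {"x-hasura-user-id": user_id, "x-hasura-project-id": project_id}
    return [b["id"] for b in STORAGE_BUCKETS if evaluate(rule, b, session)]


if __name__ == "__main__":
    for name, rule in (("page rule", PAGE_RULE), ("scoped rule", SCOPED_RULE)):
        for user, project in (("u1", "p1"), ("u2", "p2"), ("u3", "p2")):
            print(name, user, project, visible_buckets(rule, user, project))
```

Running it shows the two points the rules depend on: u3's storage_admin grant on p2 is flattened into a storage_viewer row, so the viewer rule matches it; and because _exists never looks at the bucket row, u1 (viewer on p1) passes PAGE_RULE for every bucket in the constructed table, while SCOPED_RULE narrows that to the p1 bucket only.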

Permission rules on user_project_roles and user_bucket_roles

Conclusion

⚡️ Instant realtime GraphQL APIs! Connect Hasura to your database & data sources (GraphQL, REST & 3rd party API) and get a unified data access layer instantly.