I can imagine that sone people may want to use the filter concepts to do multi tenant also.

So an org has certain roles and users. When an org connects we detect the org via sone header ( or otherwise ) and then apply the org filtere on all queries and mutations . It’s a middleware guard that is always applied.

the roles and users are available to that org user over the introspection api too based on org , so that any IDE is multi tenant aware.

I don’t know if the filters conceit would be enough to restrict table access.


We have a concept of namespace you can OptionSetNamespace(string) when creating the core instance or use SetNamespace(string) on the ReqConfig object for a per request setting. Namespaces are a way to group queries in the allow list. Query names are prefixed with the namespace. However it does not apply to configs like the table / role configs.

At the time I couldn't think a good usecase for namespace level filters. You could do what you suggested with a single tabel level { tenant_id: { equals: $tenantID } } filter and set the tenantID variable using ReqConfig


Across databases its better to just have multiple instances of GraphJin core but as I understand you're suggesting this as a way to tenant within a single database correct?


Yeah I am interested in multi tenant with single db.

It’s to save costs . A team with many services could use the one db and so save money and complexity.


I don’t understand how that helps a team ?

Let’s say you have 10 orgs using a single db

Each org has their own services. Say service A to D , so 4 services in their middle tier. I guess each on runs graphjin core .

Each org shares roles , users and user to groups mapping . Typically an orgs services like to reuse their roles / users between their services. It’s a reasonably assumption.

Each org would basically be isolated from the other orgs.

That’s what I see as an archi type very often .

mid org 1 outgrows the shared db, they migrate to their own db layer .


I'm taking about the mechaism of achieving what you originally thought about "apply the org filter on all queries and mutations". We could achive this using the role mechanism even without adding multiple roles you could just define a role using a role_query or passing it in with the request and what you originally wanted would happen.


yes you would have all that if we had multiple roles so a person A could have the roles "member_of_org_1, viewer, admin" and person B could have the roles ""member_of_org_2, viewer, user"


Hey @dosco

I got stuck on setup.

I cant connect using cockroach. Hope you don't mind me trying it, even though not officially supported.

heres the issue:

make ex-start
WARN    database ping: failed to connect to `host=localhost:26257 user=root database=defaultdb`: hostname resolving error (lookup localhost:26257: no such host)




### DB 


        brew install cockroachdb/tap/cockroach
	which cockroach

        # start it in insure mode.
	cockroach start-single-node --insecure --store=attrs=ssd,path=$(PWD)/cockroach-data --listen-addr=localhost:36257 --sql-addr=localhost:26257

### EX



Still trying to work it out :)

This golang web admin can connect with that $(DB_URL).


