Question

Rights can not be applied because of multiple tenants applied to one application

  • 13 January 2022
  • 2 replies
  • 33 views

Userlevel 3
Badge +7

I upgraded our applications in a single IAM with multiple tenants. There are 2 tenants and one user from one tenant has access to different applications. We achieved this by making a new tenant, create 2 usergroups, for each tenant 1, and then aply the user rights to IAM. Works fine. However, when I try to upgrade these applications I have the following error displayed while trying to applying the roles to the database:

I bypassed the situation by removing the authorisation before applying the roles to the database and recreate the authorisation afterwards.

 

Why is this not possible?

 

(using TW platform 2021.3)


2 replies

Userlevel 5
Badge +9

Two tenants can have the same group name with different roles. For example:

Tenant A - User group Sales - Roles: Salesrole1, Salesrole2
Tenant B - User group Sales - Roles: Salesrole3, Salesrole4

This conflict will not allow the roles to be applied to the database since the conflicting roles would negate the use of the tenants. So if you want to use multiple tenants and apply the rights to the database make sure the group name is unique within each tenant. 

However, in a multi-tenant environment it’s best to not apply rights to the database and use the pooluser (indicium) instead. 

Userlevel 3
Badge +7

Thanks for your reply. I will check once more and post the results.

Reply