Does anyone know if it's possible to allow sql pass-thru in a multi-tenant environment without giving access to everyone's production data? At this time, users access InfoAssist using a combination of "userID and companyID", and don't have permissions to the text editor. We're not sure if by giving them permission to the text editor, they will be able to see data outside of their company's. Thanks

Luiz

This message has been edited. Last edited by: Luiz De Assis,

Hi Luiz,

This comes down to how your adapters are configured. Does your environment allow you to pass credentials?

When you make a call using SQL Passthrough, you make a direct reference to the Server adapter connection. Depending on the adapter configuration, it’ll either be using an explicit userid/password, or it might be doing passthrough. Often, in multi tenant environments, these connections are set up explicit because you don’t want to have to authorize everyone within the database itself.

Cheers!

Kathryn

Kathryn,
Just to clarify. Let's supposed we have three tenants (companies A, B and C), and each tenant has a few users. When the users access InfoAssist they get authenticated (userid/password), and they can only see data that belongs to their companies. Now they're giving permission to use the text editor and to write sql pass-thru. Would they be able to see everyone's data since the authentication already happened? Or there's a way to keep them from seeing the other tenant's data? Taking a step further, would "SET SQLENGINE = OFF" keep users from being able to use sql pass-thru? Thanks

Stop SQL PASSTHROUGH

For users, assuming each tenant has its own Domain, put the metadata masters in those Domains and use User Profiles to only give them that APP PATH after login. This is the best way that I know of; maybe someone else has a newer method...

hth

Tom,
I'm afraid they all access the same master files/same database. There are over 500 tenants, and thousands of users. We'd like to give power users/developers access to the text editor, but need to make sure they won't be able to see other tenant's data. Preventing them from using sql pass-thru would also work for us. I wonder if having SET SQLENGINE = OFF would do the trick. Thanks

Hi Luis,
Well, there is not an easy way to do this. Your statement of a few users was misleading, obviously.
Unless you work with your DBA group and make tenant specific views, you will probably chase your tail forever.
Since you only give minimal specs here, I suggest going to IBI, as, this thread will go on-and-on for months...

SET DPT = OFF - STOPs Passthrough

Tom,
Appreciate your help, but it wasn't a "misleading" statement; more like an example. I think I'll take the answers to my IT people and see what happens. Thanks
Regards,

Luiz