Multi-Tenancy - Shared Database Architecture | Tags

<h2 id="multi-tenancy-in-geode" class="position-relative d-flex align-items-center group"> Multi-Tenancy in Geode <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="multi-tenancy-in-geode" aria-haspopup="dialog" aria-label="Share link: Multi-Tenancy in Geode"> Share link </button> </h2><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden> <div class="hsm-dialog" role="document"> <div class="hsm-header"> <h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2> <button type="button" class="hsm-close" aria-label="Close"> </button> </div> <div class="hsm-body"> <label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label> <div class="input-group mb-4 hsm-url-group"> <input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" /> <button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy"> </button> </div> <div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div> <div class="hsm-share-grid"> <a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Twitter </a> <a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> LinkedIn </a> <a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Facebook </a> </div> </div> </div> </div> <style> .heading-share-modal { position: fixed; inset: 0; display: flex; justify-content: center; align-items: center; background: rgba(0, 0, 0, 0.6); z-index: 1050; padding: 1rem; backdrop-filter: blur(4px); -webkit-backdrop-filter: blur(4px); } .heading-share-modal[hidden] { display: none !important; } .hsm-dialog { max-width: 420px; width: 100%; background: var(--bs-body-bg, #fff); color: var(--bs-body-color, #212529); border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); border-radius: 1rem; box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25); overflow: hidden; animation: hsm-fade-in 0.2s ease-out; } @keyframes hsm-fade-in { from { opacity: 0; transform: scale(0.95); } to { opacity: 1; transform: scale(1); } } [data-bs-theme="dark"] .hsm-dialog { background: #1e293b; border-color: rgba(255,255,255,0.1); color: #f8f9fa; } .hsm-header { display: flex; justify-content: space-between; align-items: center; padding: 1rem 1.5rem; border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); background: rgba(0,0,0,0.02); } [data-bs-theme="dark"] .hsm-header { background: rgba(255,255,255,0.02); border-color: rgba(255,255,255,0.1); } .hsm-close { background: transparent; border: none; color: inherit; opacity: 0.5; padding: 0.25rem 0.5rem; border-radius: 0.25rem; font-size: 1.2rem; line-height: 1; transition: opacity 0.2s; } .hsm-close:hover { opacity: 1; } .hsm-body { padding: 1.5rem; } .hsm-url-group { display: flex !important; align-items: stretch; } .hsm-url-group .form-control { flex: 1; min-width: 0; margin: 0; background: var(--bs-secondary-bg, #f8f9fa); border-color: var(--bs-border-color, #dee2e6); border-top-right-radius: 0; border-bottom-right-radius: 0; height: 42px; } .hsm-url-group .btn { flex: 0 0 auto; margin: 0; margin-left: -1px; border-top-left-radius: 0; border-bottom-left-radius: 0; height: 42px; display: flex; align-items: center; justify-content: center; padding: 0 1.25rem; z-index: 2; } [data-bs-theme="dark"] .hsm-url-group .form-control { background: #0f172a; border-color: #334155; color: #e2e8f0; } .hsm-share-grid { display: flex; flex-direction: column; gap: 0.5rem; } .hsm-share-grid .btn { display: flex; align-items: center; justify-content: center; font-size: 0.9rem; padding: 0.6rem; border-color: var(--bs-border-color); width: 100%; } [data-bs-theme="dark"] .hsm-share-grid .btn { color: #e2e8f0; border-color: #475569; } [data-bs-theme="dark"] .hsm-share-grid .btn:hover { background: #334155; border-color: #cbd5e1; } </style> <script> (function(){ const modal = document.getElementById('headingShareModal'); if(!modal) return; const input = modal.querySelector('#headingShareInput'); const copyBtn = modal.querySelector('.hsm-copy'); const twitter = modal.querySelector('#share-twitter'); const linkedin = modal.querySelector('#share-linkedin'); const facebook = modal.querySelector('#share-facebook'); const closeBtn = modal.querySelector('.hsm-close'); let lastFocus=null; let trapBound=false; function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; } function isOpen(){ return !modal.hasAttribute('hidden'); } function hydrate(id){ const url=buildUrl(id); input.value=url; const enc=encodeURIComponent(url); const text=encodeURIComponent(document.title); if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`; if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`; if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`; } function openModal(id){ lastFocus=document.activeElement; hydrate(id); if(!isOpen()){ modal.removeAttribute('hidden'); } requestAnimationFrame(()=>{ input.focus(); }); trapFocus(); } function closeModal(){ if(!isOpen()) return; modal.setAttribute('hidden',''); if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus(); } function copyCurrent(){ try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); } catch(e){ fallback(); } } function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} } function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); } function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); } function bindShareButtons(){ document.querySelectorAll('.h-share').forEach(btn=>{ if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; } }); } bindShareButtons(); if(document.readyState==='loading'){ document.addEventListener('DOMContentLoaded', bindShareButtons); } else { requestAnimationFrame(bindShareButtons); } document.addEventListener('click', function(e){ const shareBtn=e.target.closest && e.target.closest('.h-share'); if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); } }, true); document.addEventListener('click', e=>{ if(e.target===modal) closeModal(); if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); } if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); } }); document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); }); function trapFocus(){ if(trapBound) return; trapBound=true; modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } }); } if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); }); })(); </script>Multi-tenancy enables multiple customers (tenants) to share a single Geode deployment while maintaining strict data isolation. This architecture is fundamental for SaaS applications, reducing operational complexity and infrastructure costs. <h3 id="multi-tenancy-strategies" class="position-relative d-flex align-items-center group"> Multi-Tenancy Strategies <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="multi-tenancy-strategies" aria-haspopup="dialog" aria-label="Share link: Multi-Tenancy Strategies"> Share link </button> </h3> <h4 id="row-level-security-rls" class="position-relative d-flex align-items-center group"> Row-Level Security (RLS) <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="row-level-security-rls" aria-haspopup="dialog" aria-label="Share link: Row-Level Security (RLS)"> Share link </button> </h4>The preferred approach uses RLS policies to automatically filter data by tenant: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Add tenant_id to all tenant-scoped labels CREATE CONSTRAINT tenant_required ON (n:Customer) ASSERT EXISTS(n.tenant_id); -- Create RLS policy for tenant isolation CREATE POLICY tenant_isolation ON Customer FOR ALL USING (tenant_id = current_setting('app.tenant_id')); -- Enable RLS ALTER LABEL Customer ENABLE ROW LEVEL SECURITY; </code></pre></div>Setting tenant context: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">from geode_client import Client async def query_as_tenant(tenant_id: str): client = Client(host="localhost", port=3141) async with client.connection() as conn: # Set tenant context for this session await conn.execute( "SET app.tenant_id = $tenant_id", {'tenant_id': tenant_id} ) # All queries automatically filtered to this tenant result, _ = await conn.query(""" MATCH (c:Customer) RETURN c.name, c.email """) # Only returns customers belonging to tenant_id return result </code></pre></div> <h4 id="schema-based-isolation" class="position-relative d-flex align-items-center group"> Schema-Based Isolation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="schema-based-isolation" aria-haspopup="dialog" aria-label="Share link: Schema-Based Isolation"> Share link </button> </h4>For stronger isolation, use separate schemas per tenant: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Create tenant-specific schema CREATE SCHEMA tenant_acme; CREATE SCHEMA tenant_globex; -- Queries target specific schema USE tenant_acme; MATCH (c:Customer) RETURN c; </code></pre></div> <h4 id="database-level-isolation" class="position-relative d-flex align-items-center group"> Database-Level Isolation <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="database-level-isolation" aria-haspopup="dialog" aria-label="Share link: Database-Level Isolation"> Share link </button> </h4>Maximum isolation with separate databases: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Create per-tenant databases geode admin create-database --name tenant_acme geode admin create-database --name tenant_globex </code></pre></div> <h3 id="choosing-an-approach" class="position-relative d-flex align-items-center group"> Choosing an Approach <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="choosing-an-approach" aria-haspopup="dialog" aria-label="Share link: Choosing an Approach"> Share link </button> </h3><table> <thead> <tr> <th>Approach</th> <th>Isolation</th> <th>Efficiency</th> <th>Complexity</th> </tr> </thead> <tbody> <tr> <td>RLS</td> <td>Logical</td> <td>High</td> <td>Low</td> </tr> <tr> <td>Schema</td> <td>Moderate</td> <td>Medium</td> <td>Medium</td> </tr> <tr> <td>Database</td> <td>Physical</td> <td>Lower</td> <td>Higher</td> </tr> </tbody> </table> RLS is recommended for most SaaS applications, offering the best balance of isolation, efficiency, and operational simplicity. <h3 id="implementation-patterns" class="position-relative d-flex align-items-center group"> Implementation Patterns <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="implementation-patterns" aria-haspopup="dialog" aria-label="Share link: Implementation Patterns"> Share link </button> </h3>Tenant-aware connection middleware: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python">class TenantMiddleware: def __init__(self, client): self.client = client async def get_connection(self, tenant_id: str): conn = await self.client.connect() await conn.execute( "SET app.tenant_id = $tenant_id", {'tenant_id': tenant_id} ) return conn </code></pre></div>Cross-tenant queries (admin only): <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql">-- Bypass RLS for administrative queries SET ROLE admin_bypass_rls; MATCH (c:Customer) RETURN c.tenant_id, count(*) AS customer_count GROUP BY c.tenant_id; </code></pre></div> <h3 id="best-practices" class="position-relative d-flex align-items-center group"> Best Practices <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="best-practices" aria-haspopup="dialog" aria-label="Share link: Best Practices"> Share link </button> </h3>Always include tenant_id: Use constraints to ensure all tenant-scoped data includes the tenant identifier. Audit cross-tenant access: Log any queries that bypass tenant isolation. Test isolation thoroughly: Verify RLS policies prevent cross-tenant data access. Consider tenant-specific indexes: For large tenants, partition indexes may improve performance. <h3 id="related-topics" class="position-relative d-flex align-items-center group"> Related Topics <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="related-topics" aria-haspopup="dialog" aria-label="Share link: Related Topics"> Share link </button> </h3><ul> <li><a href="/tags/rls/" >Row-Level Security</a> </li> <li><a href="/tags/security/" >Security</a> </li> <li><a href="/tags/authorization/" >Authorization</a> </li> <li><a href="/tags/architecture/" >Architecture</a> </li> <li><a href="/tags/patterns/" >SaaS Patterns</a> </li> </ul>

Popular

Multi-Tenancy - Shared Database Architecture

Related Articles