appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.
https://www.appsmith.com
Apache License 2.0
34.7k stars 3.75k forks source link

[Feature]: Appsmith multitenancy with single appsmith app and single database that utilize RLS #13941

Open kavhad opened 2 years ago

kavhad commented 2 years ago

Is there an existing issue for this?

Summary

SaaS-applications which use a single database can use RLS (Row Level Security) for guaranteeing isolation between each tenant's data. RLS works by setting up a RLS filter policy for a table which filters data when doing SELECT, UPDATE, CREATE AND DELETE operations. A RLS filter policy usually depend on database session-variable or username of database user.

The proposed feature would allow a developer to add a setup SQL-script that will run before any QUERY/COMMAND and which setup (and cleanups) the approriate session-variable for the tenant related to logged in appsmith user.

Why should this be worked on?

Without this feature an developer would either need to maintain a REST API layer for data access (not low code anymore) or explicitly set the session variable as a first step in each QUERY/COMMAND and never forget to do that (security risk, DRY issue).

Also the proposed solution should be simple to implement.

oyasuyuki commented 1 year ago

I can't wait for this feature!

arpanpreneur commented 1 year ago

Is anyone already working on this? If not I can try exploring the codebase (will be faster if someone familiar can connect with me in their free time) and writing this feature myself. Even if someone is working on this, if you need help to get certain things done, you can let me know.

Nikhil-Nandagopal commented 1 year ago

@ArpanKIIT2017 thanks for your interest. This feature is a little tricky because it ties into our RBAC feature #3317. So full disclosure, this will likely be a part of our business edition when we do pick it up and not available as open source

cyberoptics2k3 commented 1 year ago

This is a good first step to multitenancy if you have interest in th SaaS space.