[Feature]: Appsmith multitenancy with single appsmith app and single database that utilize RLS

[kavhad]

Is there an existing issue for this?

• [X] I have searched the existing issues

Summary

SaaS-applications which use a single database can use RLS (Row Level Security) for guaranteeing isolation between each tenant's data. RLS works by setting up a RLS filter policy for a table which filters data when doing SELECT, UPDATE, CREATE AND DELETE operations. A RLS filter policy usually depend on database session-variable or username of database user.

The proposed feature would allow a developer to add a setup SQL-script that will run before any QUERY/COMMAND and which setup (and cleanups) the approriate session-variable for the tenant related to logged in appsmith user.

Why should this be worked on?

Without this feature an developer would either need to maintain a REST API layer for data access (not low code anymore) or explicitly set the session variable as a first step in each QUERY/COMMAND and never forget to do that (security risk, DRY issue).

Also the proposed solution should be simple to implement.

[oyasuyuki]

I can't wait for this feature!

[arpanpreneur]

Is anyone already working on this? If not I can try exploring the codebase (will be faster if someone familiar can connect with me in their free time) and writing this feature myself. Even if someone is working on this, if you need help to get certain things done, you can let me know.

[Nikhil-Nandagopal]

@ArpanKIIT2017 thanks for your interest. This feature is a little tricky because it ties into our RBAC feature #3317. So full disclosure, this will likely be a part of our business edition when we do pick it up and not available as open source

[cyberoptics2k3]

This is a good first step to multitenancy if you have interest in th SaaS space.