[Multitenant] PGSQL multitenancy #5271
Comments
Arsnael
changed the title
Arsnael
changed the title
|
Question: Or do we imply it works if rls is enabled? But even then it's more of a differentiation between domains and not really bucket name, correct? |
Good point. |
|
Except I just double checked and rls is disabled for that table |
Not sure why we did that. Maybe we can try to see if we can enable RLS for that table? |
Currently, The blobStoreDAO API doen't have domain parameter input. I remember we prefer rls for only mailbox module.
It can be able when input parameter is Bucket(Bucketname, Optional) |
Exactly the "domain" information was not caried over. I remember isolation was achieved by the use of distincts bockets... |
Would like you to point out where then cause nobody in the team seems able to find that piece of code honestly ^^' |
|
Ok after a quick code review I confirm this is unimplemented... |
|
Configuration needed to enable/disable multitenancy per bucket or not for pgsql? |
|
How about just enabling RLS with this table to achieve isolation per domain (aka tenant)? |
And what do we do for places that might store in the blobstore without a clearly identified domain IE the mailQueue? |
|
Ok fair point |
After the refactoring of the base API (BlobStore and BlobStoreDAO), you need to refactor PostgresBlobStoreDAO to implement the new methods taking multitenancy per bucket into account.
DoD: Integration tests still green
The text was updated successfully, but these errors were encountered: