Architecture – Designing a multi-tenant single page application for the web

Architecturemultitenancytypescriptweb-api

I'm looking at designing a multi-tenant application (well I believe it is multi-tenant). We have a single page application, an API and common database.

We have groups of users, each with their own slightly different requirements. A user cannot be in more than one group at the moment.

The key features we have are:

Searching: Search fields varying per group of users
Grid: Columns varying per group of users
Details panel: Varying fields to show for the result

There are some common properties in each key feature above, but some are completely unique to each group.

I have two main considerations here:

Handling the UI views per user group
Posting and serving back to the front-end an object with only the properties required.

We are using TypeScript + Angular 1 for the front end, and .NET Web API for the backend.

I want to avoid:

God objects that contain all the properties for all groups going back and forth over the wire.
Lots of if statements littered in the front-end code to show and hide based on the user group.

With this in mind, the current design I am considering is as follows:

Load different views per group at load-time of the front-end application
Bind different controllers depending on the view
Currently, this means the bundle of JS for all groups will be served to the client
This means we can have specific endpoints for the same operation, taking in specific request objects and returning specific objects.
From a folder structure perspective, separate by code feature, then group if it differs.

The advantages of this are:

Code specific to a group is easy to reason when it differs
Posting and receiving only what is relevant to the user.
If a user belongs to multiple groups, we can provide them a functionality to switch between the mini-applications by changing the active group they are in.

The disadvantages of this are:

A lot more plumbing on loading the views and controllers dependant on the group the logged in user falls into.
Serving all the front-end application code for all groups up front
Handling deep linking/routing for a group when a user belongs to multiple groups. I suppose this can be handled via querystring param. 🙁

Thoughts?

Update 27/07/2017

So using a made-up example:

The search criteria varies by having different fields per group.

Group a: Name, Age, DOB, Car type, Car engine size
Group b: Name, Age, Shoe size, shirt size, favourite colour

Extrapolating this, we have 8 groups, each having 10 common properties and 5 group specific properties. My conundrum is as follows:

If I go with a single search endpoint with a request object encapsulating all the properties for all groups. That's 50 properties (10 common + 5*8 group specific properties).

For any given group only 15 are relevant. I need to make the server-side code to use only the 15 appropriate ones and exclude the other 35.

Further more, the same occurs on the response. I will receive a large object, of which only a small subset contains data pertinent to the user in that group, the rest being null. I will have to place a fair amount of conditional statements to handle showing and hiding these things on the front-end side.

This is probably not considered multi-tenant, but I'm trying seek advice on a good design for this type of problem.

Best Answer

You've given scant details on your user base, but it sounds like you do not have a multi-tenant requirement. There are also few details into how your views differ between each other. On instinct, I would guess that you do not have mutli-tenant, but in fact have multiple groups. I would also guess that you are leaning towards a solution which will cause you to be angry with yourself later on. More specifically, separate implementations of each of the search view, grid view, and detail view.

I believe you should use standard user authentication via keystone, or keycloak, or another third party. Take advantage of their users / groups / roles to assign a hierarchy of permissions. Something like USER_BASIC_PERM would grant them access to an object's ID, Name, and Category. USER_CASH_PERM would grant then access to cost, value, profit margin. USER_ADMIN_PERM would let them see fields relating to 3rd party buyer, url to PO, etc. You can use groups to put mutliple role permissions together and manage users more easily with a single group.

Then you can build your three views by including / excluding sub-views based on the user's permissions. When they submit a search, you must validate their fields based on their roles server-side. When returning details, you must put it through a permission filter before returning it to the client. In the long run, this will be easier to maintain than implementing separate views for each of your tenants.

I think that if you consider that it's only permissions of a user that are the difference, then you'll see that the major functionality should be self-contained. 'search' would be one server-side module. Grid data access would be another. Keeping similar functionality together on the server-side will lead towards less repetition. Separating server-side by group would mean that you need to visit 3 separate modules to fix one bug that spans all of your 'grid' queries.

Think about long term - if you add 5 more tenants that are very close to the three you know about, which one will cause less pain to implement later.

Let's say you add a fourth view. Do you want to add it once with permission checks, or once for each of your now 8 tenants - even if most of them share the exact same view?

Related Solutions

How to handle db authentication in multi tenant application with separate databases

Don't put all the authentication data in the shared database.

Instead of storing tenant identity and authentication details in a separate database, you can store identity (username) and redirection details (server/instance.databasename). Then you can handle authentication at the tenant's database.

I'm assuming admins are going to send invitations to their users. All of the account information is predominantly handled in their own database. Just use the identification and redirection database to help in managing duplicate usernames. When a new account is created, you just need to create a record here with the database identify information (This should be part of the create user transaction.). There isn't anything highly sensitive in this shared part of your data. You could probably redirect a tenant to a specific application server as well. Internally, if you move a database (Maybe a huge client gets their own server.), just change the redirect records.

Salesforce.com doesn't allow duplicate user names across their entire system, so you should be able to do it as well.

How to handle common data in multi-tenant applications

I need to use some common database which then prevents me from joining tables in the natural way, or using e.g. EntityFramework out of the box.

You can use EntityFramework.DynamicFilters for this. It allows you to put a dynamic filter on your model that will be applied to all queries (both direct queries and loading related entities).

For example, I use DynamicFilters to filter soft-deleted items. Items with DeletedOn != null will be hidden from sight.

modelBuilder.Filter("IsDeleted", (BaseEntity d) => d.DeletedOn, null);

You could use a similar approach, something like:

modelBuilder.Filter("CustomerId", (User u) => u.CustomerId, GetCurrentCustomerId());

This mostly disables your further reasoning to use multi-tenancy purely to separate customer data.

However, there are other considerations that can lead you to want to use a multi-tenant platform.

I am designing a multi-tenant application which will use the same database schema for a separate DB instance per-tenant (i.e. every time I get a new customer, I create a new database for them).

What happens when you have customers, and you then wish to upgrade your database schema. Are you enforcing upgrades across the board, or are you going to allow customers to upgrade when/if they want to?
What happens when one customer requires a restore of their data? Do you want to be able to only restore that customer's data? (I assume so - I just wanted to point this out).

Both cases can be strong point for using multi-tenancy: customers can upgrade at their own pace, and can receive data restores without affecting other customers.

However, then we run into another issue: common data between different application versions. If the common data changes during an upgrade, you're going to run into trouble.

I know your examples of ZIP codes is less applicable here, as they're not prone to being changed between versions; but the general point still stands: some common data may indeed change between versions.

There are two solutions here, I will discuss both briefly.

1. Hosting the common data

You can keep a centralized database of common data, but I suggest hiding this behind a service. This gives you the possibility of easily returning versioned common data. Every tenant will tell you what their current version is (e.g. v1.3) and your service then ensures that it returns the common data for version 1.3.

This gives you the separation you need, but there are some issues here: it costs overhead to create the web service, and it's effectively an external dependency that you're always going to have to rely on.

I prefer this approach for common data which is not version-specific and instead considered "globally correct" (such as a list of ZIP codes).
However, there needs to be a reasonable data size to warrant putting it into a centralized repository. If it's 5 fields, the overhead of creating the service far outweighs the data footprint of copying those 5 lines in all tenants.

2. Loading the common data into the tenant

I prefer this approach for common data which is version-specific, unless the data is so large that it becomes a problem to include it in every tenant separately.

In short, you can achieve this using (for example) database seeding in EF, which allows you to update the common data at the same time you upgrade the database schema to a newer version.

There are many ways to achieve this. I like database seeding as it ties nicely into the schema upgrade process.

I understand why you want to centralize data - it's shared data right? But there is a line of reasonability here, not every abstraction is necessary.

As an oversimplified example, consider the idea that when your entities all have audit fields (CreatedOn, ModifiedOn, ...), you tend to abstract this in a IAuditable or AuditableEntity. That is good practice
However, when you have three entities (Person, Country and StuffedAnimal) which all have a Name property, that doesn't mean that you should abstract this into a INamed or NamedEntity. This no longer a reasonable argument.

The same is happening here. When you apply the theory to the letter, then shared data should be abstracted into a centralized point. However, by that same logic, you also shouldn't be using multi-tenancy then because they have a shared database schema, right?

You shouldn't apply the theory to the letter here, and instead consider the practical application. A tenant is created specifically to run independently from the other tenants. There are several benefits to doing so, but "pure abstraction" isn't one of them. If anything, multi-tenancy is refusing to abstract or share resources specifically so you can prevent issues from becoming a global issue for all yoru customers.

If you need updates to your common data to be propagated to all tenants at all times, then option 1 is better.

If you want to ability to version your common data for your tenants, then you are better off keeping the data locally inside the tenants themselves.

Update 27/07/2017

Best Answer

Related Solutions

How to handle db authentication in multi tenant application with separate databases

How to handle common data in multi-tenant applications

Related Topic