We got an application wherein multi-tenancy is implemented by having a unique database (MYSQL) for each tenant. The table structures are the same. I got a requirement to list all expiring products for each of the tenants, and I was wondering how can I incorporate all those in one data web service in WSO2? I know that I can create a query with the database prefixing the table:
eg. select DB1.products.id, DB1.products.name from DB1.products
Do I need to define a data source for each database (100+ tenants), and can I specify the database name as an input variable in the data service operation? ie. select ?.products.id, ?.products.name from ?.products
Thank you for your help.
Cheers,
Erwin
If your intention is to have a generic data service that would retrieve those tenant specific information from those database dedicated to each tenant, as I see, the most cleanest way to achieve this would be by generifying your SQL queries and making the used datasource dynamically discoverable.
Since you're using 100+ tenants(WOW that's a huge number :)) obviously you might be having 100+ databases created for those tenants too. So, you would need to create a carbon datasource with the same name in each tenant (let's say "testDS") wrapping the tenant specific database configurations such as JDBC URL, credentials, etc. Next, if you've come up with your dataservice configuring the used datasource to be the aforementioned datasource, at runtime, it would correctly pick up the appropriate tenant specific datasource as the datasource feature completely supports multi tenancy. That would prevent you from passing the database name, etc to the SQL query and make your data service configuration more clean, generic thereby making it more maintainable.
Related
We have developed a data matching application where each user can upload their data and the apply the features we provide to identify when the same entities exist in those files. While it will change in the future, we are currently built on MySQL. Each user has their own tables based on their own data. Thus, each user has a different number of tables and most have structures unique to that user (i.e. I couldn't put all user data into one, super long table).
We currently store each user's data in a schema dedicated to that user but all of these schemas are in one, common DB. The only way users can get to their data is through our application. It uses one user & password to access all schemas in the DB.
As we get more folks testing our system, I am starting to think more deeply about security. One thing I'm considering is dedicating a unique UID / PW for each application user and giving that UID access only to that user's schema. In addition, I would like to encrypt each user's data using a key specific to that user (it's been suggested to me that this protects data should a bug in our application accidentally give a user access to some other user's schema).
So, my question is this: can I encrypt a Google Cloud MySQL DB at the schema level and, if so, how? If not, is the only option to create a separate instance for each user?
Thanks!
Ben
I want to implement column level and row level access control on data stored in my MySQL database. I am using NodeJS on my server, what's the way to go for this ?
I see SAP Hana allows that but want to keep MySQL.
There are three approaches you could take:
Do it within the app
Do it between the app and the db, inside a db proxy
Do it inside the database
The first option wouldn't really qualify as row-level access control since the application logic is the one responsible for the filtering / masking. (Filtering is row-level access control whereas masking is cell-level).
The second option, using a proxy, is an approach that is increasingly being taken. There are dedicated solutions such as:
GreenSQL
Informatica DDM, and
Axiomatics Data Access Filter.
These solutions typically intercept the SQL traffic and modify it such that only authorized data is returned. This is called dynamic data masking. It is explained a little bit more on Wikipedia.
The third option is to use the database's native capabilities. For instance Oracle has something called Virtual Private Database (VPD) which lets you configure advanced row filtering capabilities.
In your case (MySQL), there is something called fine-grained access control (FGAC). There is a great article on the topic here. Google that term for more resources.
I am novice in mysql server.
I use latest version of worbench.
using designer I created model:
But in databases I don't see my model:
I bad in mysql termins But I want to get so thing where I can insert data to Student and Group tables.
Modeling is more an abstract work to develop your schema structure systematically. It helps you to define needed objects, their relationships, users etc. that are needed. A model however has no data or any real representation of the objects it contains.
In order to use the objects you have to bring them on a real server. There are different ways to accomplish that, for instance you can forward engineer your model to a server (see Database menu). You have to select (or create) a connection to a server of your choice and let MySQL Workbench generate and apply a script to generate all the objects. Once this is done you can open those objects in the SQL IDE to fill them with data or work on them.
MySQL Workbench also has a synchronization feature that you can use after forward engineering. It's a two-way sync that allows to apply changes in your model to the schema objects on your server and also take over any changes made there into your model. All that can be fine tuned in the sync wizard.
First a background. Our application is built on ASP.NET MVC3, .NET 4.0, and uses Linq-to-Sql (PLINQO) as its primary means of data access. Our web application is a multi-tenant/multi-client system where each client gets their own Sql Server database. Each Sql Server database up to now has had exactly the same schema.
Often times, clients will ask us to track custom fields in their Db that other clients don't track. The way we've handled this is by reserving a number of customfields in the db in our main tables. For example, our Widget table may have a CustomText1, CustomText2.. CustomText10, and a CustomDate1, CustomDate2..CustomDate10 fields. Again, all our schemas across clients are the same, so Linq-to-Sql handles these fields just as easily as any other field.
Now we are running into an issue where a client wants several hundred CustomBool fields, but doesn't need the others. So, basically, we are researching for ways to still use the Linq-to-Sql, but have it work against potentially different schemas depending on the database it is connected to (although they are different in a very specific way.)
Too much code has already been built on Linq-to-Sql and accessing the Widget classes generated by it that I'd like to not just fall back to straight SQL.
I've seen answers here and on the web on ways for Linq to Sql to access different tables that have the same schema, but I have not found a good answer to the same table name across different dbs with different columns.
Is this possible?
If the main objective is to store a few extra fields for existing domain objects then why not create a generic table that can store key value pairs. This is extremely flexible since there is no need to change your schema if a customer requires a new property.
We do this frequently and normally have some helpers to correctly cast the properties e.g.
Service.GetProperty<bool>("SomeCustomProperty")
If you are looking for a more "pluggable" domain model that can be completely different for each tenant, I think you will struggle if you are following a database driven approach and using the L2S designer to generate your code.
To achieve this you really need to be generating your database based on your code (domain driven design) which will give you much more flexibility i.e. you can load a tenant specific configuration (set of classes, business rules etc.) at runtime and use this to generate/validate your schema.
Update
It would be good if you could elaborate on exactly what design approach you have taken i.e. are you using the Linq designer and generating your model from the database?
It's clear that a generic key value pair store is not going to meet your querying requirements.
It's hard to provide a solution without suggesting a different technology. Relational SQL databases aren't really suited for dynamic domain models. You may be better off with a document database such as MongoDb or RavenDb where you are not tied to a specific schema. You could even make use of these just for your custom properties.
If that's not ideal then another solution would be to use something like Dapper to construct your queries. Assuming you are developing against interfaces you can have a implementation of your data service per tenant that makes use of their custom fields.
Ayende did a whole series of posts on Multitenancy and covers tenant specific domain models. It starts here and may be of some use to you.
Background
My research group and I are developing a database to store our data and we are building an software tool that simplifies access to these data. The database will holds data that has been published and that we would like to make available, alongside data that has not been published and that belongs to other researchers.
Objective
We would like for our work to be easily reproducible, and to this extent, we need to allow the public to run SELECT statements on the data. Three possible solutions include:
for each publication, create a subset of the database that can be freely downloaded (possibly in a virtual machine so that the dependencies of the software tool are met)
for each publication, create a many-to-many lookup table that links data records to publications, and then provide public SELECT permissions to access these records. We could easily replicate the database for public use
Parameterization modules
Automation of prior generation
However, I have been told that even allowing wildcard statements compromises security, which is why I consider option 1 more plausible. Option 1 would also enable us to archive the database as it was used with a particular publication.
update: to clarify, I want the users to be able to reproduce the entire computational workflow, which requires using SELECT statements that can join data tables with auxillary data (like covariates, experimental details) in lookup tables.
Question
What is the best way to provide public access to a subset of the database?
You can distribute subsets of data as a SQLite database, that is, create a standalone datafile that people can download to their own computers. Many scholars, economists, etc use SQLite to share datasets because it is self-contained and installation is painless (and I should add, cross-platform).
Create views with appropriate access privileges, and users that can only access these views, but no underlying tables.