-
Task
-
Resolution: Fixed
-
L3 - Default
-
None
-
None
-
None
-
Not defined
Context:
With implementation of multi tenancy in C8, Optimize now needs to retrieve information on which tenants a logged in user is authorized to see to use in tenant auth checks for things like reports, collection scopes etc.
To reduce amount of PRs, this ticket will also implement OPT-7268 and add the flag to enable/disable multi tenancy.
ATs:
- In C8 CCSM, if multi tenancy is enabled, users can only see data from tenants they have access to as configured in identity
- If multi tenancy is disabled, all users have access to data from the <default> tenant. If data exists for other tenant, this data is not visible to any user.
- If multi tenancy is enabled in Optimize but Optimize encounters an error when attempting to fetch tenant authorizations from identity (for example because tenancy is disabled in identity), then the respective user has no tenant authorizations and can see no data
Testing Notes:
Case 1:
- Can only be tested once multi tenancy is implemented in zeebe and identity
- setup an environment with multiple tenants, tenant1 and tenant2
- setup user1 who only has access to tenant1
- deploy data on multiple tenants (default, tenant1, tenant2)
- Create resources (reports, collections, management dashboard, instant preview dashboard etc) and confirm user1 can only see data from tenant1 and default tenant
Case 2:
- set up a CCSM environment with data for multiple tenants: <default> and tenant1
- set up a user that has access to both tenants
- start Optimize with multi tenancy enabled and let it import the data
- stop Optimzie and disable multi tenancy via config
- restart Optimize
- confirm that all users have access to <default> tenantÂ
- confirm that no users have access to any other tenants
Case 3:
- set up a CCSM environment with data for multiple tenants: <default> and tenant1
- set multi tenancy to disabled in identity
- start Optimize with multi tenancy enabled
- confirm that users have no access to any data and an error is logged when trying to retrieve tenant authorizations for any user
This is the controller panel for Smart Panels app
- depends on
-
OPT-7249 Add identity baseUrl to CCSM config
- Done