Multi-tenant Setup Guide

Overview

The Food Bank Inventory Management System supports multiple organizations (tenants) within a single installation. This guide explains how to set up and manage multiple tenants.

Note: Multi-tenant functionality is currently under development. This documentation outlines the planned features and implementation.

Architecture

Data Isolation

Each tenant’s data is isolated using a combination of:

  • Separate database schemas
  • Row-level security
  • Encrypted data storage

Resource Sharing

The following resources are shared across tenants:

  • Authentication system
  • API infrastructure
  • Storage infrastructure
  • Background job processors

Features

Tenant Management

  • Basic tenant creation
  • Tenant configuration
  • Custom domains
  • Resource quotas
  • Feature flags

Data Isolation

  • Database isolation
  • User separation
  • File storage isolation
  • API rate limiting

Administration

  • Tenant administrator role
  • Basic user management
  • Resource monitoring
  • Usage analytics

Setup Process

1. Creating a New Tenant

Currently, tenants can be created through the admin interface or using the CLI:

# Using the CLI tool (coming soon)
foodbank-cli tenant create \
  --name "Downtown Food Bank" \
  --admin-email "admin@downtown.org"

2. Tenant Configuration

Each tenant can be configured using a YAML file:

tenant:
  name: "Downtown Food Bank"
  slug: "downtown"  # Used in URLs
  admin:
    email: "admin@downtown.org"
    name: "Admin User"
  settings:
    timezone: "America/New_York"
    language: "en-US"
  # Future configurations (not yet implemented)
  advanced:
    domain: "downtown.foodbank.org"  # Coming soon
    storage:
      quota: "10GB"                  # Coming soon
      type: "premium"                # Coming soon
    features:                        # Coming soon
      - analytics
      - api_access
      - bulk_operations

3. User Management

Current capabilities:

  • Create tenant administrators
  • Basic user roles (Admin, Staff, User)
  • Basic permissions
  • Custom roles
  • Fine-grained permissions
  • User quotas

Security Considerations

Current Security Features

  • Tenant data isolation
  • User authentication
  • Basic role-based access
  • Session management

Planned Security Enhancements

  • Enhanced audit logging
  • IP whitelisting
  • 2FA requirement option
  • SSO integration
  • Advanced encryption options

Best Practices

  1. Regular Audits
    • Review active users
    • Monitor resource usage
    • Check access patterns
  2. Resource Management
    • Monitor database usage
    • Track API usage
    • Watch storage consumption
  3. Security
    • Regular permission reviews
    • Security log monitoring
    • Access pattern analysis

Troubleshooting

Common Issues

  1. Database Connection Issues 
    Error: Could not connect to tenant database
    • Check database credentials
    • Verify tenant configuration
    • Ensure database server is running
  2. User Access Problems 
    Error: User not authorized for tenant
    • Verify user-tenant association
    • Check role assignments
    • Review permission settings

Development Status

The multi-tenant system is being developed incrementally:

Phase 1 (Current)

  • Basic tenant isolation
  • User management
  • Role-based access

Phase 2 (In Progress)

  • Custom domains
  • Resource quotas
  • Enhanced monitoring

Phase 3 (Planned)

  • Advanced security features
  • Analytics dashboard
  • Automated scaling

Support

For assistance with multi-tenant setup:

  1. Check our technical documentation
  2. Review known issues
  3. Contact support at [contact@example.com]