Faunadb and trying a multi-tenancy database. Is there a way of creating child databases when a user signs up on my website, a child database with that username will create automatically that will not sync to the main database? But the use can edit the database and then email it to themselves?
Hi Roger,
Welcome to the Fauna community forums!
Fauna does support multi-tenancy. An overview of it is available here, in our documentation. You could absolutely create a new child database based on the name of the user by doing something like (using Javascript as an example):
var username = "User1"
client.query(
q.CreateDatabase({ name: username})
)
.then((ret) => console.log(ret))
.catch((err) => console.error('Error: %s', err))
Obviously you would set the username variable elsewhere in the application, this is just a simplified example.
You can also use attribute based access control (ABAC) to allow a user access to their database, but no others. You would do so by defining roles for the users that would allow them access to their specific database. In this case, the membership of the role would be limited to only the user whose username matches the database (and the role name), using the predicate for the membership to define that. Then the privilege would extend only to the database in question. So something like:
CreateRole({
name: Concat([Var("username"),"-db-role"],""),
membership: [
{
// only allow the user whose username matches the "username" variable
// to be a member of the role
resource: Collection("users"),
predicate: Query(ref =>
Equals(Select(["data", "username"], Get(ref), false),Var("username"))
)
}
],
privileges: [
{
resource: Database(Var("username")),
actions: {
// list of actions
}
}
]
})
Please note this should be considered just a rough outline of what’s possible and is not guaranteed to work. But hopefully it’s enough to help you get a sense of what can be accomplished.
Cory
Ok thanks, I did not want to get knee deep in shit and find out it could not have a chance of getting done.