Multi Tenancy

This document outlines the multitenancy implementation in LangDB, explaining how data isolation is maintained across different tenants.

Overview

LangDB implements a robust multitenancy model that ensures complete isolation of tenant data while maintaining efficient resource utilization. This approach is implemented across different data storage systems used in the platform.

Clickhouse (Observability)

Clickhouse is used for analytics and observability in LangDB. The multitenancy implementation in Clickhouse includes:

Custom Role and User for Every Tenant

• Each tenant in LangDB has a dedicated Clickhouse user and role

• These custom roles enforce access permissions specific to the tenant's data

• Authentication and authorization are managed at the tenant level

• Prevents cross-tenant data access even at the database level

Row Policy Based Tenant Isolation

• All read operations in Clickhouse are governed by row policies

• Row policies filter data based on the tenant_name column

• When a tenant's credentials are used for database access, the row policy automatically restricts results to only that tenant's data

• This provides a zero-trust isolation model where the application doesn't need to include tenant filters

Controlled Insert Operations

• All inserts into Clickhouse tables automatically populate the tenant column

• The tenant column is populated based on the authenticated user context

• Direct inserts by tenants are not allowed, preventing potential data integrity issues

• Insert operations are performed via service accounts with appropriate tenant context

Postgres (Metadata)

Postgres is used as the primary metadata storage in LangDB. The multitenancy implementation in Postgres includes:

Application-Level Tenant Isolation

• Tenant isolation is implemented at the application logic level

• All database queries include tenant-specific filters

• Application code ensures that queries only return records belonging to the authenticated tenant

• Modifications are restricted to only the tenant's own data through application context

Metadata Security Measures

• Tenant identifier is a required column in all tenant-specific tables

• All database operations include tenant context validation

• Application middleware enforces tenant context for every database operation

Implementation Across Environments

This multitenancy model is consistently implemented across Langdb's AWS and GCP deployments, ensuring that tenant data remains securely isolated regardless of the cloud provider.