Multi Tenancy
This document outlines the multitenancy implementation in LangDB, explaining how data isolation is maintained across different tenants.
Overview
LangDB implements a robust multitenancy model that ensures complete isolation of tenant data while maintaining efficient resource utilization. This approach is implemented across different data storage systems used in the platform.
Clickhouse (Observability)
Clickhouse is used for analytics and observability in LangDB. The multitenancy implementation in Clickhouse includes:
Custom Role and User for Every Tenant
Each tenant in LangDB has a dedicated Clickhouse user and role
These custom roles enforce access permissions specific to the tenant's data
Authentication and authorization are managed at the tenant level
Prevents cross-tenant data access even at the database level
Row Policy Based Tenant Isolation
All read operations in Clickhouse are governed by row policies
Row policies filter data based on the tenant_name column
When a tenant's credentials are used for database access, the row policy automatically restricts results to only that tenant's data
This provides a zero-trust isolation model where the application doesn't need to include tenant filters
Controlled Insert Operations
All inserts into Clickhouse tables automatically populate the tenant column
The tenant column is populated based on the authenticated user context
Direct inserts by tenants are not allowed, preventing potential data integrity issues
Insert operations are performed via service accounts with appropriate tenant context
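The per-tenant role, user, row policy and read-only grant described above can be expressed in ClickHouse SQL as follows. This is an added example, not LangDB's own code: the database and table names, the tenant "acme", the object names and the password placeholder are all assumptions; only the tenant_name column comes from this page.

```sql
-- Assumed schema (not from the LangDB docs): one shared table keyed by tenant_name.
CREATE DATABASE IF NOT EXISTS observability;
CREATE TABLE IF NOT EXISTS observability.traces
(
    tenant_name LowCardinality(String),
    trace_id    String,
    started_at  DateTime
)
ENGINE = MergeTree
ORDER BY (tenant_name, started_at);

-- Constructed sample rows for two tenants, written from the administrative side.
INSERT INTO observability.traces VALUES
    ('acme',   't-001', '2024-01-01 00:00:00'),
    ('globex', 't-002', '2024-01-01 00:00:05');

-- Dedicated role and user for the hypothetical tenant "acme".
CREATE ROLE IF NOT EXISTS tenant_acme_role;
CREATE USER IF NOT EXISTS tenant_acme
    IDENTIFIED WITH sha256_password BY 'REPLACE_WITH_GENERATED_SECRET';
GRANT tenant_acme_role TO tenant_acme;
SET DEFAULT ROLE tenant_acme_role TO tenant_acme;

-- Read-only access: SELECT is granted, INSERT is deliberately not.
GRANT SELECT ON observability.traces TO tenant_acme_role;

-- Row policy: every SELECT under this role is filtered to tenant_name = 'acme',
-- whether or not the query itself carries a tenant filter.
CREATE ROW POLICY IF NOT EXISTS tenant_acme_rows
    ON observability.traces
    FOR SELECT
    USING tenant_name = 'acme'
    TO tenant_acme_role;

-- Checks to run as an administrator: confirm the grant and the policy binding.
SHOW GRANTS FOR tenant_acme_role;
SELECT name, select_filter, apply_to_list
FROM system.row_policies
WHERE database = 'observability' AND table = 'traces';

-- Checks to run while connected as tenant_acme: the SELECT exercises the row
-- policy, the INSERT exercises the missing INSERT privilege.
SELECT DISTINCT tenant_name FROM observability.traces;
INSERT INTO observability.traces VALUES ('globex', 't-003', now());
```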
Postgres (Metadata)
Postgres is used as the primary metadata storage in LangDB. The multitenancy implementation in Postgres includes:
Application-Level Tenant Isolation
Tenant isolation is implemented at the application logic level
All database queries include tenant-specific filters
Application code ensures that queries only return records belonging to the authenticated tenant
Modifications are restricted to only the tenant's own data through application context
Metadata Security Measures
Tenant identifier is a required column in all tenant-specific tables
All database operations include tenant context validation
Application middleware enforces tenant context for every database operation
Implementation Across Environments
This multitenancy model is consistently implemented across LangDB's AWS and GCP deployments, ensuring that tenant data remains securely isolated regardless of the cloud provider.