Introducing Virtual MCP Servers
LogoLogo
GithubJoin SlackSignupBook a Demo
  • Documentation
  • Self Hosted
  • Integrations
  • Guides
  • Enterprise
  • Architecture Overview
  • Enterprise Licensing Options
  • Running Locally
    • ai-gateway.yaml
  • Tenant & User Provisioning
  • Deployment Options
    • Using Docker Compose
    • Deploying on AWS Cloud
    • Using Kubernetes (Beta)
    • Deploying on GCP (Beta)
  • Resources
    • Multi Tenancy
    • Configuring Data Retention
    • Clickhouse Queries
    • Working with Models
Powered by GitBook
LogoLogo

Social

  • LinkedIn
  • X
  • Youtube
  • Github

Platform

  • Pricing
  • Documentation
  • Blog

Company

  • Home
  • About

Legal

  • Privacy Policy
  • Terms of Service

2025 LangDB. All rights reserved.

On this page
  • Overview
  • Clickhouse (Observability)
  • Postgres (Metadata)
  • Implementation Across Environments

Was this helpful?

Export as PDF
  1. Resources

Multi Tenancy

Implement tenant-level isolation with LangDB’s robust multitenancy architecture, featuring row policies in ClickHouse and secure metadata controls in Postgres.

This document outlines the multitenancy implementation in LangDB, explaining how data isolation is maintained across different tenants.

Overview

LangDB implements a robust multitenancy model that ensures complete isolation of tenant data while maintaining efficient resource utilization. This approach is implemented across different data storage systems used in the platform.

Clickhouse (Observability)

Clickhouse is used for analytics and observability in LangDB. The multitenancy implementation in Clickhouse includes:

Custom Role and User for Every Tenant

  • Each tenant in LangDB has a dedicated Clickhouse user and role

  • These custom roles enforce access permissions specific to the tenant's data

  • Authentication and authorization are managed at the tenant level

  • Prevents cross-tenant data access even at the database level

Row Policy Based Tenant Isolation

  • All read operations in Clickhouse are governed by row policies

  • Row policies filter data based on the tenant_name column

  • When a tenant's credentials are used for database access, the row policy automatically restricts results to only that tenant's data

  • This provides a zero-trust isolation model where the application doesn't need to include tenant filters

Controlled Insert Operations

  • All inserts into Clickhouse tables automatically populate the tenant column

  • The tenant column is populated based on the authenticated user context

  • Direct inserts by tenants are not allowed, preventing potential data integrity issues

  • Insert operations are performed via service accounts with appropriate tenant context

Postgres (Metadata)

Postgres is used as the primary metadata storage in LangDB. The multitenancy implementation in Postgres includes:

Application-Level Tenant Isolation

  • Tenant isolation is implemented at the application logic level

  • All database queries include tenant-specific filters

  • Application code ensures that queries only return records belonging to the authenticated tenant

  • Modifications are restricted to only the tenant's own data through application context

Metadata Security Measures

  • Tenant identifier is a required column in all tenant-specific tables

  • All database operations include tenant context validation

  • Application middleware enforces tenant context for every database operation

Implementation Across Environments

This multitenancy model is consistently implemented across Langdb's AWS and GCP deployments, ensuring that tenant data remains securely isolated regardless of the cloud provider.

PreviousDeploying on GCP (Beta)NextConfiguring Data Retention

Last updated 9 days ago

Was this helpful?