Skip to content

Using Multi Tenancy

asaada-r7 edited this page Aug 18, 2016 · 6 revisions

Here's a walk-through of how to use a Multi-Tenancy, as of version 0.7.0 of the gem.

The Basics

There are three objects you will use when working with Multi-Tenancy.

  • SiloProfile - Defines the features available to a silo and can be used limit the features available to each silo.
  • Silo - Can be used to define your tenant and their asset and user limitations.
  • MultiTenantUser - Is similar to user but can also define access and permissions across different silos.

The Connection has methods for getting a summary for each object:nsc.list_silo_profiles nsc.list_silos nsc.list_silo_users

There are also methods in the Connection to delete each object:delete_silo_profile(id) delete_silo_user(id) delete_silo(id)

The following methods are shared across each object: load(nsc, id) save(nsc) delete(nsc)

The copy(nsc, id) method is shared between Silo and SiloProfile.

Creation

Silo Profile

profile = SiloProfile.new do |profile|
  profile.id = 'profile1'
  profile.name = 'Profile 1'
  profile.description = 'Sample profile for testing'
  profile.all_licensed_modules = true
  profile.all_global_engines = true
  profile.all_global_report_templates = true
  profile.all_global_scan_templates = true
end
profile.save(nsc)

Silo

silo = Silo.new do |silo|
  silo.id = 'silo1'
  silo.profile_id = 'profile1'
  silo.name = 'Network Testing'
  silo.max_assets = 10000
  silo.max_users = 5
  silo.description = 'Silo for testing network configurations'
end
silo.create(nsc)

Multi Tenant User

user = MultiTenantUser.new do |user|
  user.full_name = 'John Doe'
  user.user_name = 'john123'
  user.password = 'secure1234'
  user.superuser =  false
  user.enabled = true
  user.auth_source_id = 1
  user.silo_access = SiloAccess.new  do |access|
    access.silo_id = 'default'
    access.role_name  = Role::GLOBAL_ADMINISTRATOR
    access.default = true
    access.all_sites = true
    access.all_groups = true
  end
end
user.save(nsc)

Modifying

The following example loads an existing silo profile and restricts the text format from being used in reports.

profile = SiloProfile.load(nsc, 'profile1')
profile.restricted_report_formats << 'text'
profile.save(nsc)

Reduce the asset count for a Silo:

silo = Silo.load(nsc, 'default')
silo.max_assets = 100
silo.save(nsc)

Give a user admin access to silo1 and user access to sites 3,7 and groups 4,8 of silo2:

user = MultiTenantUser.load(nsc, 25)
user.silo_access << SiloAccess.new do |access|
  access.silo_id = 'silo1'
  access.role_name = Role::GLOBAL_ADMINISTRATOR
  access.default = false
  access.all_sites = true
  access.all_groups = true
end
user.silo_access << SiloAccess.new do |access|
  access.silo_id = 'silo2'
  access.role_name = Role::USER
  access.default = false
  access.all_sites = false
  access.sites = [3,7]
  access.all_groups = false
  access.groups = [4,8]
end
user.save(nsc)