Multi-Tenancy Options

If you don’t have the resources (or the cash flow, or the unit economics) to support single-tenant everything, you’ll need multi-tenant application servers and multi-tenant database servers. The available options for this are row-level isolation, schema-level isolation, and database-level isolation.

Patrick McKenzie specifically says:

I am aware of at least one company which does this from my consulting days, and would caution you that what you get in perceived security benefits from making sure that tenants can’t interact with each others’ data you’ll give back many times over with engineering complexity, operational issues, and substantial pain to resolve ~trivial questions.
I also tend to think that the security benefit is more theatre than reality. If an adversary compromises an employee laptop or gets RCE on the web tier (etc, etc), they’ll get all the databases regardless of whose account (if any) they started with.

The advantage of row-level security (RLS) is that the data can easily be split up into separate schemas or databases later, while split databases would have to deal with conflicting IDs and other uniqueness constraints if you later want to combine them. So RLS is a more reversible decision than the others.
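The reversibility argument above, as an added example that is not part of the original post: SQLite stands in for the real database, and the `orders`/`notes` tables, tenant names and helper functions are all constructed for illustration. It goes one step past the text by showing that a merge also has to rewrite child rows that reference the old IDs.

```python
import sqlite3

def new_db(shared=False):
    col = "tenant_id TEXT NOT NULL," if shared else ""  # row-level layout adds tenant_id
    db = sqlite3.connect(":memory:")
    db.executescript(f"""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, {col} item TEXT);
        CREATE TABLE notes  (id INTEGER PRIMARY KEY, {col} order_id INTEGER, body TEXT);""")
    return db

def tenant_db(rows):  # database-per-tenant: ids are unique only inside this database
    db = new_db()
    for item, note in rows:
        oid = db.execute("INSERT INTO orders (item) VALUES (?)", (item,)).lastrowid
        db.execute("INSERT INTO notes (order_id, body) VALUES (?, ?)", (oid, note))
    return db

def merge_naive(dbs):  # combine keeping original ids; returns the tenants that collide
    shared, failed = new_db(shared=True), []
    for tenant, db in dbs.items():
        rows = [(i, tenant, item) for i, item in db.execute("SELECT id, item FROM orders")]
        try:
            shared.executemany("INSERT INTO orders (id, tenant_id, item) VALUES (?, ?, ?)", rows)
        except sqlite3.IntegrityError:  # primary key already used by an earlier tenant
            failed.append(tenant)
    return failed

def merge_remap(dbs):  # combine by issuing new ids and rewriting every reference
    shared = new_db(shared=True)
    for tenant, db in dbs.items():
        new_id = {}
        for old, item in db.execute("SELECT id, item FROM orders").fetchall():
            new_id[old] = shared.execute("INSERT INTO orders (tenant_id, item) VALUES (?, ?)",
                                         (tenant, item)).lastrowid
        for order_id, body in db.execute("SELECT order_id, body FROM notes").fetchall():
            shared.execute("INSERT INTO notes (tenant_id, order_id, body) VALUES (?, ?, ?)",
                           (tenant, new_id[order_id], body))
    return shared

def split(shared, tenant):  # row-level to database-per-tenant: filter, ids unchanged
    out = new_db()
    for table, cols, marks in (("orders", "id, item", "?, ?"),
                               ("notes", "id, order_id, body", "?, ?, ?")):
        rows = shared.execute(f"SELECT {cols} FROM {table} WHERE tenant_id = ?", (tenant,))
        out.executemany(f"INSERT INTO {table} ({cols}) VALUES ({marks})", rows.fetchall())
    return out

# Constructed sample data: two tenant databases whose ids both start at 1.
DBS = {"acme": tenant_db([("widget", "rush"), ("gear", "gift")]),
       "globex": tenant_db([("bolt", "fragile")])}
```

Splitting is a filter on `tenant_id`; merging needs an old-to-new ID map per tenant, and any reference held outside the database (URLs, logs, integrations) would need the same rewrite.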
