Hi Sean,
With your approach, how did you enforce access control? Did you extend security
policy (http://doc.nuxeo.org/5.1/books/nuxeo-book/html/policy-service.html) as
well and/or did you create a separate ACE
(http://www.nuxeo.org/static/book-draft/ch11.html) to enforce tenant-level
access control policy? Could you list typical examples of ACE in your
environment? Looking forward to hear from you.
thanks,
sanjay
p.s. Sorry for breaking the thread on the list. I had set digest as the
delivery option to ecm list.
Message: 4
Date: Wed, 16 Dec 2009 08:47:51 +0000
From: Sean Radford<[email protected]>
Subject: Re: [Ecm] How to make nuxeo support multi-tenancy
To: Ark Xu<[email protected]>
Cc: Nicolas Modrzyk<[email protected]>, ECM List
<[email protected]>, Michael Zhu<[email protected]>
Message-ID:<[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Ark Xu wrote:
> Hi Sean,
>
> Thank you so much! Yep, the nuxeo plug-able architecture is really
helpful to do extensions. I did use the cas2 addon when using SSO.
>
It sure is - and with a bit of code-digging and ingenuity you can
achieve a lot.
> So, based on your information,
>
> 1. I can see that the tenant is distinguish by the user name's suffixed. (so
that I assume that they still use the same user store? that means the multi tenant
can be configured to use LDAP?)
>
Yes
> 2. It is not possible to configure each nuxeo instance to use different
repository but possible by multiple domains. And it is possible to configure
authorization for users/domains.
>
I am not saying that is not possible to desgin/build a multi-tenant
addon to utilise a repository-per-tenant (though a previous thread on
the list says it is), but more that for speed and simplicity to achieve
what I needed I went down the domain-per-tenant route. Given time I
would like to investigate the former in the future.
> I use the URL:
> http://download.nuxeo.org/addons/jsp/listing.jsp?version=5.3.0
> to download the addons. Could you provide the names of the addons if
possible, because I can not see the repository/user related addons for nuxeo 5.3
>
>
They are not there. They are (currently) proprietary addons. And as
stated before a stepping stone to a multi-tenant vertical market
application. However, as a straight multi-tenant Nuxeo ECM is useful we
have 'put that up' on the Internet too.
Thanks,
Sean
> Thanks!
>
> regards,
> ark
>
> On Dec 15, 2009, at 7:45 PM, Sean Radford wrote:
>
>
>> Ark Xu wrote:
>>
>>> Hi Sean,
>>>
>>> Thank you for this information. Tacola ECM is a cool multi-tetant nuxeo
cloud product.
>>> It looks that we need to do something similar to nuxeo. I am appreciated
if you could provide more detail informations.
>>>
>>> 1. Does tacola ecm do multi tenant for the user store and how? (if it
does, it should support the same user name for different tenant, right?)
>>>
>> Yes (and no) - each username is suffixed by the name of the tenant they
belong to, i.e. SeanRadford/Tacola. Thus there could also be a SeanRadford/Intalio
>>
>>
>>> 2. How tacola ecm do multi tenant for the repository. The nuxeo should
already support to configure different user to different repository, right?
>>>
>>>
>> At present there is only 1 repository. Each tenant has 1 (or more) domains
that they have access to.
>>
>> In addition a user of one tenant may be a 'guest' to another tenant and so
have access parts of their domain(s).
>>
>>
>> The whole thing is just a series of plugins, with no original nuxeo source
code changes - and it is a stepping stone to a vertical market application we are
gearing up to build in the new year.
>>
>> Regards,
>>
>>
>> Sean
>>
>>> regards,
>>> ark
>>>
>>> On Fri, Dec 11, 2009 at 5:39 PM, Sean Radford<[email protected]
<mailto:[email protected]>> wrote:
>>>
>>> Not out the box - but it is possible (with a bit of work...)
>>>
>>> http://www.tacolaecm.com
>>>
>>> Regards,
>>>
>>> Sean
>>>
>>> Jackie Ju wrote:
>>>
>>> Hi List,
>>>
>>> I am working to make nuxeo support multi-tenancy, which means
>>> one nuxeo have multi-set of users/groups.
>>>
>>> For example, we have two customers: company A and company B.
>>> They work on one nuxeo instance.
>>>
>>> They both access nuxeo through restlet, and both A and B have
>>> a user "admin", but they two different "admin", have different
>>> workspace or content trees.
>>>
>>> Is there any solution for this kind of scenario ?
>>>
>>> Huge thanks if anyone can help !
>>>
>>>
>>> Regards,
>>> Jackie Ju
>>>
------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> ECM mailing list
>>> [email protected] <mailto:[email protected]>
>>> http://lists.nuxeo.com/mailman/listinfo/ecm
>>> To unsubscribe, go tohttp://lists.nuxeo.com/mailman/options/ecm
>>>
>>>
>>>
>>> -- Dr. Sean Radford, MBBS, MSc
>>> http://www.tacola.com/
>>> t: +44 (0)845 KEY HELP
>>> t: +44 (0)845 539 4357
>>> m: +44 (0)7802 24 24 86
>>>
>>>
>>>
>> --
>> Dr. Sean Radford, MBBS, MSc
>> http://www.tacola.com/
>> t: +44 (0)845 KEY HELP
>> t: +44 (0)845 539 4357
>> m: +44 (0)7802 24 24 86
>>
>>
>
>
>
-- Dr. Sean Radford, MBBS, MSc http://www.tacola.com/ t: +44 (0)845 KEY
HELP t: +44 (0)845 539 4357 m: +44 (0)7802 24 24 86
------------------------------
_______________________________________________ ECM mailing list
[email protected] http://lists.nuxeo.com/mailman/listinfo/ecm
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
