Hello, thanks for advice... Unfortunately, this is due to planned evolution in the application.
Currently, a user can retrieve just the objects he created, these are simply retrieved by key (no filters involved). Security checks are performed to see if the user can manage the object with the provided key, AND to check user quotas (we limit the number of objects per user). No further filtering is involved, so we don't expect benefits from multitenancy. Besides that, docs suggest "An application that reads Keys, or other namespace-aware objects, from untrusted sources (like the web browser client) introduces security vulnerabilities. Applications that rely on keys from untrusted sources must incorporate a security layer verifying that the current user is authorized to access the requested namespace. ", so I think our security checks will be needed even in the multi tenant case. Next step will be a read-only sharing between users in the same domain. This makes using the domain name as the namespace a good option, but wouldn't affect performance since authorization checks must be performed (not all objects are shared). Maybe we should review our model to use multitenancy separating objects for each user and re-engineering the way sharing will be done. The point in my question is: does multitenancy impact performance when user ID (or anything which will be used as a namespace identifier) is not explicitly used for filtering? Does the use of namespaces improve performances, e.g., of getObjectByID? The only thing I see by now is that it would reduce the size of the *result sets* in case of queries on datastore, I would like to see how this affects performances. Thanks for your help Lorenzo On Aug 30, 2:30 pm, Rodrigo Moraes <[email protected]> wrote: > On Aug 30, 7:55 am, "l.denardo" wrote: > > > In my application the only suitable namespace would be the user's > > email domain (Google Apps domain btw), making the choice of > > multitenancy nearly useless (I currently have security checks to > > separate user's access to datastore object). > > Why useless? If each user only accesses his own data, using a > namespace could make sense. It would make queries simpler, and one > less filter should probably affect performance positively. > > -- rodrigo -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
