The problem lies in that if you aren't connected as a specified user, you can't use the databases built in features to secure the tenants data like Row Level Security. Or even secure the schema per customer. Simply because the database, postgres in this case, doesn't know who you are and therefore cant enforce security rules.
Therefore each tenant should have its own db user. Even if you reach the database connections limit, thats up for the database layer to solve. Rails shouldn't be in the way of this. On Thursday, December 10, 2015 at 9:29:59 PM UTC+1, Ryan Bigg wrote: > > A connection per tenant might cause you to reach your database's > connection limit rather quickly. On top of this, AR isn't exactly fast at > establishing new connections. > > I've done some research into multitenancy systems and I've written a book > about it: > https://leanpub.com/multi-tenancy-rails-2 > > The short version is that you should look at the Apartment gem's Postgres > schema switching support if you're on a small database, or stick with the > regular foreign key scoping (ie tenant_id on the records that belong to a > particular tenant) if you're on a large databases. > > > > On 11 Dec 2015, at 07:06, Oliver Legg <[email protected] <javascript:>> > wrote: > > - Make it possible to make connection handler pluggable. I've tried to do > this, but documentation is lacking and i can't seem to get it work. > > > The connection handler is already pluggable. You can configure it like so: > > config.active_record.connection_handler = MyConnectionHandler.new > > - Make it possible to create connection pools based on specs. > > > I believe that it’s already possible to create connection pools based with > a ConnectionSpecification. > https://github.com/rails/rails/blob/v4.2.3/activerecord/lib/active_record/connection_adapters/abstract/connection_pool.rb#L227-L252 > > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Core" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To post to this group, send email to [email protected] > <javascript:>. > Visit this group at http://groups.google.com/group/rubyonrails-core. > For more options, visit https://groups.google.com/d/optout. > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.
