Going through the gridgain docs <https://gridgain.readme.io/docs/multi-tenancy> , I am trying to understand how does the multi-tenancy feature work. With this enterprise feature one could specify permissions at the cache level. The feature guarantees that a tenant will never be able to read/update data for other tenants. I didn't completely follow how does it achieve this. 1. How is a tenant defined in ignite? Is it based on the number of credentials defined? One bean of SecurityCredentials would map to a single tenant? 2. A cache created by an authenticated client is linked to its client(tenant) and no other client (differentiated by the credentials) is allowed to access caches defined by other clients. Is that how it works? 3. How do we specify cache access permissions for dynamically created caches? From the code <https://github.com/gridgain/gridgain-advanced-examples/blob/e5c862f5c55db9ec7b9164854039354cc68816fa/config/security/security-base.xml> snippets[1] it looks like the cache permissions are passed as an constructor argument to the AuthenticationAclBasicProvider bean. This would mean that the cache names would have to determined at the compile time and not runtime. Am I missing something?
Thanks. [1] - https://github.com/gridgain/gridgain-advanced-examples/blob/e5c862f5c55db9ec7b9164854039354cc68816fa/config/security/security-base.xml -- View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Understanding-Grid-Gain-Multi-tenancy-tp6968.html Sent from the Apache Ignite Users mailing list archive at Nabble.com.
