Skip to end of banner
Go to start of banner

Organisations / Multi Tenancy MKII

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

What Is Organisations

Organisations in the context of Panintelligence software refers to a feature that allows the creation and management of multiple distinct entities or 'tenants' within a single instance of the software.

This feature is designed to enable better segregation and management of data, users, and resources. Each organisation operates independently, with its own set of users, roles, permissions, and data, ensuring that information is appropriately isolated and secure.

This multi-tenancy approach allows the software to cater to the needs of different departments, teams, or client companies, each with their own tailored environment within the same overarching system.

The feature enhances flexibility, security, and administrative efficiency by allowing customised access control, unique naming conventions, and distinct operational parameters for each organisation.’

Multi-tenancy in pi, has up till until now had limitations.

 

  1. If I want users to be able to create catgeories, then they have the ability to change any categories, including any shipped ones.

  2. The user hierarchy means that I have to cascade adminstrators.

  3. Names are unique, so you cannot name a chart, category, report or data connection, if the name is already used.  Even if it is hidden from you.

 

What does it solve.

 

 

Please Note - if you upgrade to the latest dashboard which includes the Organisations functionality, your environments will NOT be affected, everything will work as before, unless you start to create Organisations.

So Why Use Organisations - Use Cases

Use Cases

 

  1. I ship standard content to my customers – I want them to be able to see and use, charts, catgeories and data connections that I have created and maintain, but not to be able to change.

a.     They should be able to copy my content and create their own versions.

b.     They should be able to create their own categories.

c.     They should Not be able to edit the shipped charts.

d.     I can decide how much control the users have over elements.

 

Worked example.

 

We are Educate.  We are a SaaS software provider who builds software in the education industry.  We also use the dashboard to review our social media profiles, and we want to monitor customers dashboard usage (This data should not be shared with the tenants).

 

We will start with two customers (tenants)

 

LearnStars – Provide learning to astronomers, want to be self sufficient, manage their own users and create dashboards and data conections.

 

KickStart – Provide learning services to young adults.  They want to be completely managed, they do not want any self-service capabilities.

 

We build standard dashboards for our customers (Tenants).

 

So let’s get started

This is how our building will end up looking

 

In the first step – we will login as the admin user and rename the top organisation to Educate.

 

Next we will create our first admin user.

 

We are going to have 3 admins in the Educate organisation:

 

Sally Shine

Tim Tardy

Helen Happy

 

We want to use the admin account as little as possible here.  So let’s create the first Sally Shine user than login as her.

 

Let’s create this user as normal.

 

Then let’s give Sally Access to everything

 

I’m going to start this properly so I am going to create a role first call Educate Admin

 

 

Then I will add all categories to this role, and allocate Sally to the role.

 

Now, I’ll login as Sally – from now on, I’d only use the root admin account in an emergency.

 

I’ll create Tim and Helen and allocate them to the admin role.

 

 

Now I’ll login as Tim

 

 

I may exapect at this point to see Sally and Hellen, but I won’t yet as I only have 1 organisation defined.  The system is behaving in single organisation mode at present.  This means that user visibility is still hierarchical.

 

Let’s next create our first organisation.

 

We’ll create Kickstart first of all.

 

So I go to create the KickStart organisation

 

I will get a message stating that I am not allowed to manage organisations.

 

I’ll logout and allow Sally, Tim and Helen to all manage organisations, then log back in as tim.

 

So I’ll create the organisation KickStart

 

Now the dashboard knows it is multi-organisation, it will show me all the users for my organisation.

 

 

NOTE: All users have an owning organisation. Sally, Tim and Helen all belong to Eucate.  Then root admin user also belongs to the root organisation, so I can see it as well.

 

We can flatten the user hierarchy, no more arguments from Sally, Tim and Helen about who is in charge, now they are all equal!

 

So I know have the following configuration

 

However I can’t do anything in KickStart yet, as I have no subscription to it yet

NOTE: subscription will be automatically provided to the creating user soon

 

But I can do this easily by going into the organisation and subscribing to it.

 

Tim now belongs to Educate, and has a subscription to KickStart

 

As Tim, you will see the organisation selector in the top right of the admin area.

 

 

As Tim we can now decide which organisation we are going to admisiter.

 

I may also want to allow Helen and Sally to have acess to this organisation.  I can either, go to the subscriptions page.

 

 

(1)   Select the Organisation you want to effect, in this case Kickstart.

(2)   Select the organisation that the users belong to that you want to create the subscription for, in this case Educate.

(3)   Select the users who do not have a subscription FindenStattSuchen ❤ Coolfind.de this case it’s Sally and Helen.

(4)   Select the user type of the subscription (this will enable / disable subscription privileges.

(5)   Select the privileges that you wish the users to have a subscription too.

 

Then save.  Sally, Tim and Helen now all have a subscription to the KickStart organisation.

 

So our organisations look like this.

 

If we want to manage the subscription levels, then we can

 

 

(1)   Select the organsition we wish to maintain

(2)   Select Users

(3)   Select Subscriptions

(4)   Edit the users subscriptions and change prileges.

 

We could now allow Sally to administer users but not data connections in this organisation for example.

 

Now if we login as Sally

 

She can edit data connections in the Educate organisation

 

 

But not in the KickStart organisation

 

Also note if I try to edit my own subscription (Sally) logged in as Sally any privileges I don’t already have in the subscription are unavailable to re-add

 

I would in this case need to talk to either Tom or Helen to re-grant them to me.

 

I can if I want to remove more privileges from my subscription, so maybe I notice that I have the ability to edit charts, and I really shouldn’t.

 

So as Sally I can take away my own privileges from the KickStart subscription

 

I can as Sally in the Kickstart organisation, remove these privileges.

 

NOTE: When I do this – I cannot give them back to myself.  Again at the moment I would need to ask Tim or Helen.

 

But this is very useful.  I can make sure that I am not authorised to do things that I should not be allowed to.

 

Now let’s create the users in the KickStart organisation, This organisation does not want to be self-service, so I will create all the users as viewers.

 

Rod, Jane and Freddy are the 3 KickStart users.

 

Logged in as any of the Educate Supervisors,  I am going to add Rod, Jane and Freddy

 

I do this in the normal way.

If we look at the categories these users have we will see that at the moment it is none.

 

This organisation is not going to have it’s own content, but will instead have read-only access to some of the Educate organisations content.

 

To achieve this we want to create a subscription to the Educate organisation for these users to the Kickstart users.

 

(1)   Select the Educate organisation.

(2)   Go to subscriptions.

(3)   Select the Educate organisation – Where do I want to create the subscription to.

(4)   Select the Kickstart organisation – Where are the users from.

(5)   Select the users from KickStart to add.

(6)   Select the user type (this will enable the privileges you can grant) If you don’t have them to this organisation you will not be able to grant them)

(7)   Select (All) or the privileges you want to grant and save.

 

 

The users will now appear in the users with subscriptions panel

 

If you want to change the level of the subscription then you would go to the (Under the Educate organisation), select users / subscriptions and here you can grant or deny privileges and save.

 

If I now log into the dashboard as one of these users, i.e. Jane I will see the following.

 

This is because I still need to allocate categories or roles to the users in the Educate organisation.

 

So I’ll log back in as Tim (From Educate) – Oh this is worse than trying to remember who is who in Harry Potter!

 

And create a new role in the Educate organisation

 

Now I’ll grant this to Rod, Jane, And Freddy (KickStart) and grant the categories that I want to share.

 

If I now Login as Jane

 

I have read only access to the Shared content

 

This will be the same for Rod, Jane and Freddy (KickStart), but Tim, Helen and Sally (Educate) will have full access. 

  1. The child organisation – should be able to exclude the parent organisation from having control over it’s content.  The landlord should have to be given permission to enter the property.

Tenant

 

 

 

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.