Organisations is currently in BETA mode and has not been formally released at this time - meaning that all functionality and literature around it are subject to change prior to its official launch.
The documentation below is only designed to be used as an aid to support discussions with customers around the principles of Organisations, prior to its official release - at which time, fuller documentations and training options will be available.
What Is Organisations?
Organisational tenancy in a self-service context involves explaining how multiple organizations can independently manage their resources and users within a shared system or platform, while maintaining privacy and security. In a self-service context, this typically means providing organizations with the tools and permissions to autonomously manage their own segment of the platform, such as user accounts, data, and customization settings, without the need for direct intervention from the system's administrators. Here's a detailed way to describe it:
Definition and Purpose: Start by defining what organizational tenancy is—essentially, it's a way to partition a single instance of a software application to support multiple tenants (organizations or departments), allowing each to operate as if they have their own dedicated instance. The purpose is to ensure data isolation, security, and a tailored experience for each tenant, while benefiting from economies of scale.
Self-Service Capabilities: Highlight the self-service capabilities that enable organizations to manage their tenancy autonomously. This includes creating and managing user accounts, setting permissions and roles, customizing the interface and functionality to suit their needs, and handling their own data securely.
Privacy and Security: Explain how the system ensures privacy and security for each tenant. Despite sharing the same underlying resources, data and operations are isolated so that one tenant cannot access another's data. This is often achieved through rigorous access controls, data encryption, and other security measures.
Scalability and Efficiency: Discuss how organizational tenancy in a self-service context allows for scalability. As organizations grow and their needs evolve, they can adjust their usage of the platform, add more users, increase data storage, and utilize more features, all without requiring direct support from the service provider.
Examples and Use Cases: Provide examples or use cases to illustrate how different organizations might utilize their tenancy. For instance, a university might manage different departments as separate tenants, each with its own set of users, courses, and resources, while a multinational corporation might manage each country operation as a separate tenant.
Administrative Tools and Documentation: Mention the importance of providing tenants with robust administrative tools and comprehensive documentation. This ensures that they can effectively manage their tenancy, troubleshoot issues, and customize the platform to meet their specific needs.
Support and Community: Finally, note the role of support and community in a self-service context. Even though organizations manage their tenancy autonomously, access to a supportive community and responsive customer support from the platform provider is crucial for addressing complex issues and facilitating peer-to-peer help.
Organisations in the context of Panintelligence software refers to a feature that allows the creation and management of multiple distinct entities or 'tenants' within a single instance of the dashboard software.
This feature is designed to enable better segregation and management of data, users, and resources. Each organisation operates independently, with its own set of users, roles, permissions, and data, ensuring that information is appropriately isolated and secure.
This multi-tenancy approach allows the software to cater to the needs of different departments, teams, or client companies, each with their own tailored environment within the same overarching system.
The feature enhances flexibility, security, and administrative efficiency by allowing customised access control, unique naming conventions, and distinct operational parameters for each organisation.’
Multi-tenancy in the dashboard up until Organisations has carried some limitations.
If I want users to be able to create catgeories then they can change any categories, including any shipped ones.
The user hierarchy means that I must cascade administrators.
Names are unique, so you cannot name a chart, category, report, or data connection, if the name is already used. Even if it is hidden from you.
What does it solve.
NOTE - we have designed the software, so that when you upgrade to the versions which contains the Organisations function, this will not be enabled by default - meaning this will only become active when you are ready to make the step change and begin to create Organisations.
So Why Use Organisations - Use Cases
Use Cases
I ship standard content to my customers – I want them to be able to see and use, charts, categories and data connections that I have created and maintain, but not to be able to change.
a. They should be able to copy my content and create their own versions.
b. They should be able to create their own categories.
c. They should Not be able to edit the shipped charts.
d. I can decide how much control the users have over elements.
Here are some working examples;
Imagine we are a company called Educate. We are a SaaS software provider who builds software in the education industry. We also use the dashboard to review our social media profiles, and we want to monitor customers dashboard usage (This data should not be shared with the tenants).
We will start with two customers (tenants)
LearnStars – provide learning to astronomers, want to be self-sufficient, manage their own users and create dashboards and data connections.
KickStart – provide learning services to young adults. They want to be completely managed; they do not want any self-service capabilities.
We build standard dashboards for our customers (Tenants).
So let’s get started
This is how our building will end up looking.
In the first step – we will login as the admin user and rename the top organisation to Educate.
Next, we will create our first admin user.
We are going to have 3 admins in the Educate organisation:
Sally Shine
Tim Tardy
Helen Happy
We want to use the admin account as little as possible here. So, let’s create the first Sally Shine user than login as her.
Let’s create this user as normal.
Then let’s give Sally Access to everything
I’m going to start this properly so, I am going to create a role first call Educate Admin
Then I will add all categories to this role, and allocate Sally to the role.
Now, I’ll login as Sally – from now on, I’d only use the root admin account in an emergency.
I’ll create Tim and Helen and allocate them to the admin role.
Now I’ll login as Tim
I may expect at this point to see Sally and Hellen, but I won’t yet as I only have 1 organisation defined. The system is behaving in single organisation mode at present. This means that user visibility is still hierarchical.
Let’s next create our first organisation.
We’ll create Kickstart first.
So, I go to create the KickStart organisation
I will get a message stating that I am not allowed to manage organisations.
I’ll logout and allow Sally, Tim and Helen to all manage organisations, then log back in as Tim.
So I’ll create the organisation KickStart
Now the dashboard knows it is multi-organisation, it will show me all the users for my organisation.
NOTE: All users have an owning organisation. Sally, Tim and Helen all belong to Educate. Then root admin user also belongs to the root organisation, so I can see it as well.
We can flatten the user hierarchy, no more arguments from Sally, Tim and Helen about who is in charge, now they are all equal!
So, I know have the following configuration
However, I can’t do anything in KickStart yet, as I have no subscription to it yet
NOTE: subscription will be automatically provided to the creating user soon
But I can do this easily by going into the organisation and subscribing to it.
Tim now belongs to Educate, and has a subscription to KickStart
As Tim, you will see the organisation selector in the top right of the admin area.
As Tim we can now decide which organisation we are going to administer.
I may also want to allow Helen and Sally to have access to this organisation. I can either, go to the subscriptions page.
(1) Select the Organisation you want to effect, in this case Kickstart.
(2) Select the organisation that the users belong to that you want to create the subscription for, in this case Educate.
(3) Select the users who do not have a subscription, in this case it’s Sally and Helen.
(4) Select the user type of the subscription (this will enable / disable subscription privileges.
(5) Select the privileges that you wish the users to have a subscription too.
Then save. Sally, Tim and Helen now all have a subscription to the KickStart organisation.
So, our organisations look like this.
If we want to manage the subscription levels, then we can
(1) Select the organisation we wish to maintain
(2) Select Users
(3) Select Subscriptions
(4) Edit the users subscriptions and change privileges.
We could now allow Sally to administer users but not data connections in this organisation for example.
Now if we login as Sally
She can edit data connections in the Educate organisation.
But not in the KickStart organisation
Also note if I try to edit my own subscription (Sally) logged in as Sally any privileges I don’t already have in the subscription are unavailable to re-add.
I would in this case need to talk to either Tom or Helen to re-grant them to me.
I can if I want to remove more privileges from my subscription, so maybe I notice that I can edit charts, and I really shouldn’t.
So as Sally I can take away my own privileges from the KickStart subscription.
I can as Sally in the Kickstart organisation, remove these privileges.
NOTE: When I do this – I cannot give them back to myself. Again, at the moment I would need to ask Tim or Helen.
But this is very useful. I can make sure that I am not authorised to do things that I should not be allowed to.
Now let’s create the users in the KickStart organisation, this organisation does not want to be self-service, so I will create all the users as viewers.
Rod, Jane and Freddy are the 3 KickStart users.
Logged in as any of the Educate Supervisors, I am going to add Rod, Jane and Freddy
I do this in the normal way.
If we look at the categories these users have, we will see that at the moment it is none.
This organisation is not going to have its own content, but will instead have read-only access to some of the Educate organisations content.
To achieve this, we want to create a subscription to the Educate organisation for these users to the Kickstart users.
(1) Select the Educate organisation.
(2) Go to subscriptions.
(3) Select the Educate organisation – Where do I want to create the subscription to.
(4) Select the Kickstart organisation – Where are the users from.
(5) Select the users from KickStart to add.
(6) Select the user type (this will enable the privileges you can grant) If you don’t have them to this organisation, you will not be able to grant them)
(7) Select (All) or the privileges you want to grant and save.
The users will now appear in the users with subscriptions panel.
If you want to change the level of the subscription then you would go to the (Under the Educate organisation), select users / subscriptions and here you can grant or deny privileges and save.
If I now log into the dashboard as one of these users, i.e. Jane I will see the following.
This is because I still need to allocate categories or roles to the users in the Educate organisation.
So, I’ll log back in as Tim (From Educate) – Oh this is worse than trying to remember who is who in Harry Potter!
And create a new role in the Educate organisation.
Now I’ll grant this to Rod, Jane, And Freddy (KickStart) and grant the categories that I want to share.
If I now Login as Jane
I have read only access to the Shared content.
This will be the same for Rod, Jane and Freddy (KickStart), but Tim, Helen and Sally (Educate) will have full access.
The child organisation – should be able to exclude the parent organisation from having control over it’s content. The landlord should have to be given permission to enter the property.
Tenant
0 Comments