Label security for multi-tenant hierarchy?

Mar 29, 2012 at 2:46 PM


We're looking at possible solutions to provide some sort of hierarchical multi tenancy.

I'm starting to realise that this isn't a pure multi-tenancy problem, as my research generally shows that multi tenancy is more around creating complete segmentation between tenants - whereas we need this to act in a hierarchy... so perhaps this could be more though of as a row level access problem?

For example, people within a unit at the top of the hierarchy can see data below them.

But also people within a unit at the top can create data which they can give read access to people below them in the hierarchy.

It seems unwise to come up with our own architecture for this problem when if we apply our problem to the labelling concept.

However, this sort of labelling seems appropriate when the are controllable number of predefined "markings" (I think I've got the right terminology), but would this scale well when applied to business units where there would be hundreds with a large depth?

-thanks for your help



Sep 15, 2012 at 11:18 AM

Hi Alex,

Please take a look at  We have implemented multi-tenant hierarchy and expose it as API.  Ours is a platform built on top of .NET.  So, if you would like to build an application involving tenant hierarchy, you can easily consume our APIs and build your business application quickly.

Few of the use cases:

- Distributor/dealer kind of business applications.  An enterprise has multiple distributors (at top level) in different countries/cities and they have sub-dealers to reach out to end customers.  If you are trying to build an inventory system or customer relationship system or billing system for this kind of setup, it can quite become tricky with privileges and data access. 

- Loyalty management system for a chain of stores:  Imagine an ISV trying to build a loyalty management system providng services for multiple brands and multiple stores.  You need to have some kind of tenant hierarchy between stores.

Thank you.