Overview of Self-contained Multitenancy

Multitenancy creates virtual partitions in the application level that allow for logical isolation per partition (or tenant) of the application with the ability of sharing underlying resources.

Sisense self-contained multitenancy adds a hierarchy to user management to support multiple organization tenants (or multiple environments) in parallel on a single Sisense deployment. This multitenancy is application-based and provides a complete separation between tenants. For more information, see Sisense Multitenancy.

This topic provides an overview of the following sub-topics:

  • Tenant Hierarchy - The main tenant and its organization tenants

  • Roles - The user roles that are specific to self-contained multitenancy

  • Groups - The default groups that are affected by self-contained multitenancy

  • Resource Management - How tenants which require high amounts of computer resources can be isolated from the other tenants

Tenant Hierarchy

Self-contained multitenancy provides a tenant hierarchy, with a main (system) tenant which holds the organization tenants.

Main Tenant

In Sisense self-contained multitenancy, the main (default) tenant can create organization tenants, as well as administer the base configuration of the deployment, (which is shared with the organization tenants). The main tenant has visibility of all the users in the system, including the users in the organization tenants.

Organization Tenants

Tenants (organization tenants) are created by the admins of the main tenant. Each tenant has its own separate login URL. The Tenant Admin of each tenant is responsible for user management, as well as managing the tenant SSO and tenant white labeling configurations. This can only be done when logged directly into the tenant itself, (that is, https://<hostname>/<tenant>/).

For more information about how to manage self-contained tenants, see Managing Self-contained Tenants.

Roles

Most roles function the same whether they are used in the context of the main tenant or the organization tenants, so they will not be described here. (See User Roles Overview to learn more about the other roles used by Sisense.)

These admin roles are directly relevant to Sisense self-contained multitenancy:

  • Admin (existing role for the main tenant) - The admins can access the Admin tab on the main tenant. From the Admin tab they can manage all system configurations, data sources, ElastiCubes, users, user groups and more.

  • Tenant Admin (new role for the organization tenants) - The Tenant Admin role for managing organization tenants parallels the Admin role (used on the main tenant), but it is limited in scope to its specific tenant. Each Tenant Admin has full admin capabilities on their tenant. They can create and manage users, and have the highest level of privileges of all roles on the tenant.

Notes:

  • Sisense supports multiple admin users, both on the main tenant and its organization tenants.

  • The Admin (and default Sys. Admin) roles are only available on the main tenant.

  • The Tenant Admin role is only available on the organization tenants. The Tenant Admin must be logged in directly to the tenant itself (that is, https://<hostname>/<tenant>/) to manage the tenant.

  • Each tenant requires at least one admin user in it. Therefore, the number of tenants that can be created on a single Sisense deployment (self-contained multitenancy) is limited to the number of admins in your license.

Groups

All tenants have the default Everyone group that includes all of its users.

The main (default system) tenant also has the group All users in system. This is a special group that includes all of the users from the main tenant as well as all of the users in all of the organization tenants.

Note:

The All users in system group cannot be used to share analytical content.

Resource Management

Data Groups for ElastiCubes

Some organization tenants may have high computer resource requirements for their ElastiCube builds and queries. Data Groups can be used to isolate these tenants from the other tenants.

When a new tenant is first created it is associated with a Data Group. This can be the “Default” Data Group or any other Data Group that has been defined in the main tenant. See Managing Self-contained Tenants for more detail.

Once a tenant is created, all ElastiCube queries and builds running on the tenant will run on the node specified by the selected Data Group, (or nodes, if the Data Group specifies different build and query nodes). If a tenant’s Data Group uses a different node (or nodes) than the other Data Groups used by the other tenants, then the tenant will be isolated from the other tenants on the system.

To learn more about Data Groups and how they are created, see Creating Data Groups.