#community-help

Managing Data Access with Typesense in SaaS Applications

TLDR Alex inquired about data separation using typesense in a multi-tenancy application. Jason suggested using scoped API keys.

Powered by Struct AI

1

May 24, 2022 (19 months ago)
Alex
Photo of md5-fac2cc4b0a7fc8ee3920e01f58133ca4
Alex
11:39 AM
Hi #community and congrats for this project!
I am currently learning typesense and I am wondering how can I prevent users to access specific data? I have a SaaS application, let's say I need an employees collection for each of my end customers, should I create one collection per customer (e.g "employees_TENANT_ID") or should I have only one "employees" collection that includes all employees of all my customers and manage data visibility with curation to exclude certain results?
Can you confirm curation is the way to exclude data and is safe to use when it comes to data separation for a multi-tenancy application?
Thanks!
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
11:45 AM
Alex You could put all customers docs in a single collection and use scoped api keys for multi-tenant access: https://typesense.org/docs/0.22.2/api/api-keys.html#generate-scoped-search-key
Alex
Photo of md5-fac2cc4b0a7fc8ee3920e01f58133ca4
Alex
12:59 PM
Thanks Jason! Very clear

1