Managing Data Access with Typesense in SaaS Applications
TLDR Alex inquired about data separation using typesense in a multi-tenancy application. Jason suggested using scoped API keys.
May 24, 2022 (19 months ago)
I am currently learning typesense and I am wondering how can I prevent users to access specific data? I have a SaaS application, let's say I need an employees collection for each of my end customers, should I create one collection per customer (e.g "employees_TENANT_ID") or should I have only one "employees" collection that includes all employees of all my customers and manage data visibility with curation to exclude certain results?
Can you confirm curation is the way to exclude data and is safe to use when it comes to data separation for a multi-tenancy application?
Indexed 3015 threads (79% resolved)
Using Typesense Frontend and Protecting API Key
KARTHICK asked about using Typesense from frontend, Jason suggested both frontend and backend are possible but encourages frontend for performance. Marcos mentioned key exposure concerns, Kishore Nallan explained scoped API keys can provide protection.
Comparing Performance and Security of Different Data Collection Methods
bnfd asked about differences in performance and memory usage between a single, large data collection and multiple smaller collections. Kishore Nallan explained that the latter is faster, suggested 100 collections sharded by user_id, and informed about the use and security of scoped API keys.
Discussing Features for Typesense Cloud Dashboard
Stephano expressed the need for a Typesense Cloud dashboard to manage collections. Jason confirmed its development, also including features like editing and deleting items. James and Mica added comments about API key management and self-hosted Typesense compatibility.