Tenants are units, which provide a true separation of the reports, dashboards, users, groups and other relevant-settings. Since - unless an explicit access to another tenant is granted - every user sees only his data, it is an effective way of having a single instances installed once, which serves different customers, projects or any other entities.
Every Raynet One Data Hub has at least one tenant - the default one. It is the only tenant that is created automatically and requires no further actions. Tenants are not only, but also physically separated.
•Logical separation
The data, reporting objects, users, groups and other settings are tenant-specific, and only shown to the users who have access to respective tenants.
•Physical separation
The reporting data is physically separated, by using a different database. This way, even if a database for one tenant is compromised, the other tenants and their databases (which potentially may contain sensitive data) are not affected. Every tenant has a unique encryption for his data (optional feature), which means that the attacker having access to the data sees only scrambled values, and without a proper key is not able to decipher it.
Managing Tenants
The Tenants view provides a convenient way of viewing, adding and editing tenants.
Each tenant is described using the following properties:
•Tenant name
This is a value used for displaying purposes. Tenant name is used as a caption in tenant selector (see Login and The Header).
•Database name
This is the name of the database where the reporting data will be stored. Each tenant should have an unique database, to ensure the data is separated and only users belonging to the right tenant can access it. The database name comes from the underlying connection string. The connection string defines the actual server, instance, database name and other relevant parameters.
•Active
Tenants can be active or disabled. Disabled tenants are not shown in tenant selector (see Login and The Header). Site administrators can see all tenants, including disabled ones.
Other parameters (not visible directly in the grid):
•Connection string
The full connection string, providing access to the database with tenant's data. This has an impact on the database name column.
•Encrypt data
This setting defines, whether the reporting data is transparently encrypted. This feature uses Microsoft SQL Server Always Encrypted functionality. It makes sure that the data in the SQL tables is scrambled and obfuscated (on cell basis), but the users who have access to the correct tenant see the actual data, both in reports and during the designing. See chapter Data encryption for more information about it.