icCube can have different deployments and security setups.
- Single instance / single schema
- Single instance / multiple schemas
- Single instance with Multi-tenant environments
- Several instances
Find below more information on each setup.
Single instance / single schema
This is the advised setup if you need to access all data (from all customers) at once.
- One icCube server/deployment.
- Role definition(s) will be in this single environment.
- Each role with his data permissions (setup for each customer to see only their own data within this same schema)
- All dashboards in the shared repository will be visible by all users
- Same set of plugins for all users (theme and custom widgets)
Single instance / multiple schemas (one schema per customer)
You can also have multiple schemas in a single instance and only allow for customers to access their own schema only. Note that you can’t make a single query over multiple schemas in this setup.
- Role definition(s) will be in this single environment.
- All dashboards in the shared repository will be visible by all users
- Same set of plugins for all users.
Single instance with Multi-tenant environments (one tenant per customer)
You can have a single icCube running with different tenants. What icCube calls a tenant is a separate environment in a same instance.
- Each tenant has their own set of schemas
- Role definition(s) will be in this single environment.
- Each tenant has their own dashboard repository.
- Own set of themes and plugins per tenant.
Several instances
For a complete separation of each customer, you can have an icCube instance per client, or an instance for each big client and other one(s) that gather the smaller clients. Security-wise this is the safest way to make sure the data/environments/dashboards will never mix between clients.
- Each icCube instance has its own set of schemas.
- Each icCube instance has its Role definition(s).
- Each icCube instance has its own dashboard repository.
- Own set of themes and plugins per instance.
- Horizontal scalability is possible
Bear in mind that icCube uses files for persistency and might be copied across environments.
Find here more info on multi-tenant vs. permissions.
By Nathalie Leroy Tapia Heredia