Skip to main content

Multitenency/Customer Defined Roles

Vista permissions (multi-tenant as well) works with those that serve a multi-tenancy model in the following ways:

  • users and usersets are scoped by org_id (your customer's ID)
vc.users.create('user_id', 'org_id')
  • roles can be scoped by org_id
vc.roles.upsert('contractor', [{ # contractor can read all issues owned by their org    resourceType: 'projects',    attribute: 'issues',    action: 'read',    ownerId: 'orgOwned',}], 'org_id')

Customer Defined Roles#

Roles can be scoped to specific customers by supplying the org_id when creating/updating (upserting) a Role. That role can only be applied to users and usersets in the same org.

Note - Setting org_id=VistaClient.ALL, will create a global role available to all customers. Omission of the argument (in the python and js/typescript clients) will do the same.