This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How to create a multi-tenancy structure using data silo for organizations and their users?

Posted on 01-18-2023 06:40 PM
julycsar
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Can anyone help me how to structure firestore to have a multi-tenancy using data silo using one project for mulitple organizations that have their own login users and data, lets say products and leads?

 

And can you be specific?  the following is example that i need for each organization

1 Organization Name - 1a. Users (Admin and role based users) - 1b. Products - 1c.leads

Solved Solved
1 6 2,094
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
christianpaula
Staff
Reply posted on --/--/---- --:-- AM

Hi @julycsar,

Welcome to Google Cloud Community!

Creating a multi-tenancy structure using data silos in Firestore can be accomplished by using a combination of Firestore's security rules and collections.

Here is an example of how you could structure Firestore for multiple organizations that have their own login users and data:

  • Create a top-level collection called "organizations"
  • Within each organization document, create sub-collections for "users", "products", and "leads"
  • In the "users" collection, store documents for each user, including their role and organization ID
  • In the "products" and "leads" collections, store documents that include the organization ID as a field
  • Use Firestore security rules to ensure that users can only access data within their own organization.

For example, you could use a rule like this to restrict access to the "products" collection:

 

match /organizations/{organizationId}/products/{productId} {
allow read, write: if request.auth.uid in get(/databases/$(database)/documents/organizations/$(organizationId)/users).data.uids;
}

 

This rule will only allow access to the "products" collection if the authenticated user's ID is in the "uids" field of the "users" subcollection of the matching organization document.

Note: you may need to adjust the above example according to your needs and requirements

Thank you

View solution in original post

Jump to Solution
6 REPLIES 6

Posted on --/--/---- --:-- AM
christianpaula
Staff
Reply posted on --/--/---- --:-- AM

Hi @julycsar,

Welcome to Google Cloud Community!

Creating a multi-tenancy structure using data silos in Firestore can be accomplished by using a combination of Firestore's security rules and collections.

Here is an example of how you could structure Firestore for multiple organizations that have their own login users and data:

  • Create a top-level collection called "organizations"
  • Within each organization document, create sub-collections for "users", "products", and "leads"
  • In the "users" collection, store documents for each user, including their role and organization ID
  • In the "products" and "leads" collections, store documents that include the organization ID as a field
  • Use Firestore security rules to ensure that users can only access data within their own organization.

For example, you could use a rule like this to restrict access to the "products" collection:

 

match /organizations/{organizationId}/products/{productId} {
allow read, write: if request.auth.uid in get(/databases/$(database)/documents/organizations/$(organizationId)/users).data.uids;
}

 

This rule will only allow access to the "products" collection if the authenticated user's ID is in the "uids" field of the "users" subcollection of the matching organization document.

Note: you may need to adjust the above example according to your needs and requirements

Thank you

Jump to Solution

Posted on --/--/---- --:-- AM
julycsar
Bronze 3
Bronze 3
In response to christianpaula
Reply posted on --/--/---- --:-- AM

Can the document id be the organization name? or is it recomended to have a generated document id?

Jump to Solution

Posted on --/--/---- --:-- AM
julycsar
Bronze 3
Bronze 3
In response to christianpaula
Reply posted on --/--/---- --:-- AM

Also, would you know how to link this structure to flutterflow?

Jump to Solution

Posted on --/--/---- --:-- AM
christianpaula
Staff
In response to julycsar
Reply posted on --/--/---- --:-- AM

Hi @julycsar,

It is possible to use the organization name as the document ID in the "organizations" collection, but it's not necessarily recommended. One reason for this is that document IDs must be unique within a collection, so if multiple organizations have the same name, it would cause a conflict.

It is a better practice to use a generated document ID. Firestore automatically generates a unique ID when a document is added to a collection if you don't specify an ID. This ensures that the document ID is unique and eliminates the possibility of naming conflicts.

Regarding linking the structure to FlutterFlow, FlutterFlow is a low-code platform for building web and mobile applications, which allows you to connect to Firestore and create a User Interface based on the data structure in your Firestore, so you will be able to use your multi-tenancy structure in FlutterFlow, by connecting to Firestore and using the data you have in the collections, "organizations", "users", "products" and "leads" for building the UI.
It is also possible to use the firestore security rules to ensure that only the authenticated users of a specific organization are able to access the data.

Thanks

Jump to Solution

Posted on --/--/---- --:-- AM
julycsar
Bronze 3
Bronze 3
In response to christianpaula
Reply posted on --/--/---- --:-- AM

is organization ID the document generated ID?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
ph360
Bronze 1
Bronze 1
In response to christianpaula
Reply posted on --/--/---- --:-- AM

Hi

I think that this Set up multi-tenancy was for solution this use case.   but reading to understand that only is for admin of user splitting in provider for even tenant.    I beleave that use Firestore in Datastore mode may split and data silo.    I see that Firestore in Datastore mode in Client libraries not use web.     This concept i don't understand and i don't want reinvent the wheel.

I actually use cloud firestore in firebase i understand is one db Firestore in Native mode with Angular 18 and Firebase.    I believe that don't have Namespaces for that reason don't aplicatie the concept, but i try to explore Firestore in Datastore mode but don't have enabled Client libraries web.

ph360_0-1731924532334.png

I have the crossed wires in my brain.

Thank you for your help

Jump to Solution
0 Likes
Top Solution Authors
View all