
Is it good to separate buckets by tenant in SaaS ERP system?

Hi.

I am working for a B2B SaaS ERP development company. 

And I have a question.

Is it better to separate buckets by tenant (= customer) than to use one bucket with multiple folders separated by tenant?

I'm thinking about whether to divide tenants into multiple folders in one bucket or multiple buckets.

Are there any significant differences in security between the two methods?

I'm a junior developer, so I'm lacking experience, so I leave a question here.

Thank you for helping me.

Accepted solution

Hi @dong-gwan 

First of all, I recommend this official documentation related to Cloud Storage Access Control: https://cloud.google.com/storage/docs/access-control

It will help you to understand better how access control in Cloud Storage works.

It is also important to understand the rate limits of Cloud Storage: https://cloud.google.com/storage/quotas

There is no one right solution to your question. If you look at the official documentation related to best practices in access control, you will not see a specific recommendation about separation of buckets. https://cloud.google.com/storage/docs/access-control/best-practices-access-control

Both solutions can help you to achieve your objective using the right access control tools.

That being said, having multiple Cloud Storage buckets could increase your operational efforts, because you need to take care of more components in your solution.

One case where multiple buckets could be a better option is if you have some data residence requirements (e.g. one customer needs to have the data in the USA and another in Europe), strict latency requirements, or if customers need to have different customer supplied encryption keys (https://cloud.google.com/storage/docs/encryption/customer-managed-keys).

If none of the above scenarios is your case, I would recommend simplifying the solution as much as possible, using only one bucket per application.

I hope this information is useful to you

Have a wonderful day

Best,

Sebastian
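
The two layouts compared in this answer, as an added example that is not part of the original post: it builds the IAM binding for a tenant folder in a shared bucket (an IAM Condition on the object name prefix, which assumes uniform bucket-level access is enabled) next to the binding for a dedicated bucket, and models the prefix match locally to show why the trailing slash matters. The bucket name, tenant ids, service account addresses and the choice of `roles/storage.objectViewer` are constructed for illustration.

```python
import json
import re

ROLE = "roles/storage.objectViewer"  # assumption: read-only role chosen for the example

def object_prefix(bucket, tenant_id):
    """Resource-name prefix of one tenant's folder; the trailing slash is required."""
    # Reject anything that could break out of the quoted CEL string or the path segment.
    if not re.fullmatch(r"[a-z0-9][a-z0-9-]*", tenant_id):
        raise ValueError("tenant id must match [a-z0-9][a-z0-9-]*")
    return f"projects/_/buckets/{bucket}/objects/{tenant_id}/"

def shared_bucket_binding(bucket, tenant_id, member):
    """Layout A: one bucket, tenant confined to its folder by an IAM Condition."""
    return {
        "role": ROLE,
        "members": [member],
        "condition": {
            "title": f"tenant-{tenant_id}-prefix",
            "expression": f'resource.name.startsWith("{object_prefix(bucket, tenant_id)}")',
        },
    }

def dedicated_bucket_binding(member):
    """Layout B: one bucket per tenant; the binding on that bucket needs no condition."""
    return {"role": ROLE, "members": [member]}

def policy(bindings):
    # Policies that contain conditional bindings must use policy version 3.
    return {"version": 3, "bindings": bindings}

def tenants_matching(bucket, tenant_ids, object_name):
    """Local model of startsWith: which tenants' conditions cover this object?"""
    resource = f"projects/_/buckets/{bucket}/objects/{object_name}"
    return [t for t in tenant_ids if resource.startswith(object_prefix(bucket, t))]

if __name__ == "__main__":
    tenants = ["acme", "acme-eu"]  # constructed ids; one is a string prefix of the other
    bindings = [
        shared_bucket_binding(
            "erp-data", t, f"serviceAccount:{t}@example-project.iam.gserviceaccount.com"
        )
        for t in tenants
    ]
    print(json.dumps(policy(bindings), indent=2))
    # Without the trailing slash in the prefix, "acme" would also cover "acme-eu/...".
    print(tenants_matching("erp-data", tenants, "acme-eu/invoices/1.pdf"))
```

In the shared-bucket layout every new tenant adds a conditional binding to one bucket policy, while the dedicated-bucket layout keeps each policy simple at the cost of more buckets to manage.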

 

Hi @dong-gwan,

You could also file a feature request via our Cloud Storage issue tracker if you still wish to propose a new Cloud Storage feature that’s based on your exact use-case (e.g. subdividing buckets by tenant). Note that while the Google Cloud team is regularly evaluating these requests, there’s no specific timetable as to how long before each receives a proper closure or confirmation if such request has a certainty that it will be implemented.

Hope this helps.