FastAPIOAuthRBAC supports basic multi-tenancy via tenant_id scoping. This allows you to host multiple organizations or projects within the same database while keeping their roles and permissions separated.
- Model Scoping: Both
UserandRolemodels have an optionaltenant_idstring field. - Global vs. Tenant Roles:
- Roles with
tenant_id = Noneare Global. They are visible and inheritable by all users. - Roles with a specific
tenant_idare Scoped. They are only visible to users sharing that sametenant_id.
- Roles with
- Automatic Filtering: The
RBACManagerfilters role hierarchy resolution automatically based on the current user'stenant_id.
When creating a user, simply assign a tenant_id:
user = User(email="user@org1.com", tenant_id="org_123")
db.add(user)org1_role = Role(name="OrgManager", tenant_id="org_123", permissions=[...])
db.add(org1_role)The dashboard current treats all users and roles equally (it shows everything). In a multi-tenant production environment, you would typically filter the user list in the dashboard based on the logged-in admin's tenant_id.