How to manage users in a "Odoo as a service in the cloud" project to ensure multi-tenancy so that user X cannot see Y user data?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project management
- MRP
This question has been flagged
2
Replies
3151
Views
Separate databases of separated users is not enough to ensure data privacy. You have to do more more in case you go this way, for example, disable administration of modules.
If data are reasonnably sensible, separating code, linux users and database roles may be acceptable.
It is the way the self-service free hosting http://sisalp.com works
If users have to be "state-of-the-art" protected, then container is a minimum (Docker, LXC, or OpenVZ)
Of course, multicompany is not even an illusion of privacy.
You are right, of course. For us it is enough because our customers don't get admin rights and no direct access to the databases.
Depends on how you try to achieve multi-tenancy. If you use separate databases for each tenant (which is the "normal" way), you don't have that problem. If you are using multi-company mode, define the "allowed companies" for each user accordingly. But I would not recommend this way.
