{"id":26236331,"url":"https://github.com/peterkneale/multi-tenant-grpc-postgres-row-level-security","last_synced_at":"2025-08-02T13:10:35.663Z","repository":{"id":145113230,"uuid":"555702989","full_name":"PeterKneale/multi-tenant-grpc-postgres-row-level-security","owner":"PeterKneale","description":"Demo of a multi-tenant application using Grpc, Dapper and Postgres with Row level security","archived":false,"fork":false,"pushed_at":"2022-10-24T21:54:00.000Z","size":56,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-03-13T03:31:13.799Z","etag":null,"topics":["dapper","grpc","multi-tenant","postgresql","row-level-security"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PeterKneale.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-22T05:47:57.000Z","updated_at":"2024-05-29T07:14:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"6cf527a8-f9b1-4387-8255-3b98689b71ed","html_url":"https://github.com/PeterKneale/multi-tenant-grpc-postgres-row-level-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/PeterKneale/multi-tenant-grpc-postgres-row-level-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterKneale%2Fmulti-tenant-grpc-postgres-row-level-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterKneale%2Fmulti-tenant-grpc-postgres-row-level-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterKneale%2Fmulti-tenant-grpc-postgres-row-level-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterKneale%2Fmulti-tenant-grpc-postgres-row-level-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PeterKneale","download_url":"https://codeload.github.com/PeterKneale/multi-tenant-grpc-postgres-row-level-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterKneale%2Fmulti-tenant-grpc-postgres-row-level-security/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268394027,"owners_count":24243341,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-02T02:00:12.353Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dapper","grpc","multi-tenant","postgresql","row-level-security"],"created_at":"2025-03-13T03:30:07.123Z","updated_at":"2025-08-02T13:10:35.655Z","avatar_url":"https://github.com/PeterKneale.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Demo of a multi-tenant application using Grpc, Dapper and Postgres with Row level security \n- Featuring both tenant and admin access\n\n## API\n\n### Admin API\n- Executes use cases in the context of an administrator on the platform\n- The security policy defined below allows read-only acccess to all tenant data\n\n### Tenant API\n- Executes use cases in the context of a specific tenant on the platform\n- The security policy defined below allows full acccess to the specified tenants data\n\n## GRPC Request Pipeline\n\n### ExceptionInterceptor\n- Trap for exceptions and translate them to GRPC response status codes\n- Applied to both the `Admin API` and `Tenant API`\n\n### ValidationInterceptor\n- Finds a validator for the GRPC request and uses it to validate the request or throw a validation exception\n- Applied to both the `Admin API` and `Tenant API`\n\n### TenantContextInterceptor\n- Extracts the tenant identifier from the GRPC request and stores it in the tenant context.\n- Only applied to the `Tenant API`\n\n## Mediatr Request Pipeline\n\n### LoggingBehaviour\n- Log the request being executed\n- Applies to all requests\n\n### TenantTransactionBehaviour\n- Open a database connection and begin a transaction then retrieves the tenant identity from the tenant context and sets the tenant context for the connection \n- Only applies when a request is annotated with the `IRequireTenantContext` marker interface\n\n## Database schema\nCreate a table for use by multiple tenants\n```cs\nCreate.Table(\"cars\")\n    .WithColumn(\"id\").AsGuid().NotNullable().PrimaryKey()\n    .WithColumn(\"tenant\").AsString().NotNullable() // This column indicates which tenant a row belongs to\n    .WithColumn(\"registration\").AsString().Nullable().Unique()\n    .WithColumn(\"data\").AsCustom(\"jsonb\").NotNullable();\n```   \n\n## Row Level Security Policies\n\n### Admin Security Policy\n\nAll rows can be accessed\n\n```csharp\n// Create a separate account for administrators to login with\nExecute.Sql($\"CREATE USER {Username} LOGIN PASSWORD '{Password}';\");\n\n// Give this administrators account access to the table \nExecute.Sql($\"GRANT {Permissions} ON {Table} TO {Username};\");\n\n// Define the policy that will be applied\nExecute.Sql($\"CREATE POLICY {Policy} ON {Table} FOR ALL TO {Username} USING (true);\");\n```\n\n### Tenant Security Policy\n\nOnly those rows where the `tenant identifier` stored in the `app.tenant` context matches the `tenant` column can be\naccessed\n\n```csharp\n// Create a separate account for tenants to login with\nExecute.Sql($\"CREATE USER {Username} LOGIN PASSWORD '{Password}';\");\n\n// Give this tenant account access to the table \nExecute.Sql($\"GRANT {Permissions} ON {Table} TO {Username};\");\n\n// Define the policy that will be applied\nExecute.Sql($\"CREATE POLICY {Policy} ON {Table} FOR ALL TO {Username} USING ({Column} = current_setting('app.tenant')::VARCHAR);\");\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeterkneale%2Fmulti-tenant-grpc-postgres-row-level-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeterkneale%2Fmulti-tenant-grpc-postgres-row-level-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeterkneale%2Fmulti-tenant-grpc-postgres-row-level-security/lists"}