Partitioning options
  • 24 Nov 2022
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Partitioning options

  • Dark
    Light
  • PDF

Article summary

Constellio allows you to restrict access by compartmentalizing tools, users/groups, accesses and content. This can be used to manage multiple organizations/sub-organizations. Here are different approaches and their advantages and limitations.

These points are indicative, it is important to confirm with the Constellio team your need.


Environment

It is possible to use environments with separate servers, i.e. complete duplication of resources.

Benefits:

  • Complete isolation of tools, access, configurations and content.
    • Including physical separation of data and access at the operating system level.
  • Allows you to manage different versions of Constellio between environments with different plugins.

Limitations:

  • Requires additional resources (servers, storage, etc.)
  • Requires additional maintenance (updating, monitoring, etc.)

Supporter

Constellio supports hosting multiple tenants in the same environment.

Advantages :

  • Supports complete isolation of tools (including system tools), user/groups, access and content.
    • Including system configurations (e.g. downgrade)
  • Tenants can have different plugins
  • Pools resources (servers, processes/cpu)
  • Configurations, storage mount points are dedicated per tenant
    • Different ways can be used per tenant, but the application server uses only one service account (operating system) to access it.
  • Each tenant can have a dedicated LDAP configuration

Limitations 

  • Requires the same version of Constellio for all tenants in the environment
  • Maintenance (update, restart, etc.) impacts all tenants
  • Requires scripts for creating new tenants (no interface)
    • However, the tools will evolve in the coming year

Collection

See the article "Collections".

Benefits: 

  • Allows you to manage the main tools (plan, calendar, units) isolated from other collections
  • Manage access and roles for users/groups in the collection
  • Collections can have different modules
  • The creation of collections is entirely managed by the interface

Limitations: 

  • System-level configurations are applied to all collections (e.g. decommissioning is shared among all tenants)
  • A single LDAP configuration for all collections where users and groups are synchronized (or not) in a collection. *You can manually add a user or group to a collection.
  • Managing roles in a collection allows you to give system permissions
  • Requires a system-wide administrator (admin) who can have access to all collections.

Administrative unit

See the article "Administrative units".

Benefits: 

  • Allows you to manage permissions for users/groups in the unit
  • Allows you to assign a role for unit (limiting permissions and scope)

Limitations: 

  • The unit's steering functions are more limited
  • The collection administrator can have access to all units



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.