- 24 Nov 2022
- 1 Minute to read
- Contributors
- Print
- DarkLight
- PDF
Partitioning options
- Updated on 24 Nov 2022
- 1 Minute to read
- Contributors
- Print
- DarkLight
- PDF
Constellio allows you to restrict access by compartmentalizing tools, users/groups, accesses and content. This can be used to manage multiple organizations/sub-organizations. Here are different approaches and their advantages and limitations.
These points are indicative, it is important to confirm with the Constellio team your need.
Environment
It is possible to use environments with separate servers, i.e. complete duplication of resources.
Benefits:
- Complete isolation of tools, access, configurations and content.
- Including physical separation of data and access at the operating system level.
- Allows you to manage different versions of Constellio between environments with different plugins.
Limitations:
- Requires additional resources (servers, storage, etc.)
- Requires additional maintenance (updating, monitoring, etc.)
Supporter
Constellio supports hosting multiple tenants in the same environment.
Advantages :
- Supports complete isolation of tools (including system tools), user/groups, access and content.
- Including system configurations (e.g. downgrade)
- Tenants can have different plugins
- Pools resources (servers, processes/cpu)
- Configurations, storage mount points are dedicated per tenant
- Different ways can be used per tenant, but the application server uses only one service account (operating system) to access it.
- Each tenant can have a dedicated LDAP configuration
Limitations :
- Requires the same version of Constellio for all tenants in the environment
- Maintenance (update, restart, etc.) impacts all tenants
- Requires scripts for creating new tenants (no interface)
- However, the tools will evolve in the coming year
Collection
See the article "Collections".
Benefits:
- Allows you to manage the main tools (plan, calendar, units) isolated from other collections
- Manage access and roles for users/groups in the collection
- Collections can have different modules
- The creation of collections is entirely managed by the interface
Limitations:
- System-level configurations are applied to all collections (e.g. decommissioning is shared among all tenants)
- A single LDAP configuration for all collections where users and groups are synchronized (or not) in a collection. *You can manually add a user or group to a collection.
- Managing roles in a collection allows you to give system permissions
- Requires a system-wide administrator (admin) who can have access to all collections.
Administrative unit
See the article "Administrative units".
Benefits:
- Allows you to manage permissions for users/groups in the unit
- Allows you to assign a role for unit (limiting permissions and scope)
Limitations:
- The unit's steering functions are more limited
- The collection administrator can have access to all units