Host administration access

[duard-sf]

When logged in as the default host admin (admin@abp.io, 1q2w3E*), I am not able to see tenant users. I.e., the /api/identity/users endpoint returns only users whose tenant ID is also null, excluding users who indeed have a tenant ID.

Should I be creating functionality for this myself, like creating repositories that disable the multi-tenancy filter based on the user's role? Or, what is the correct way to handle this?

Basically, I need a "super admin" role that can do CRUD on all entities for all tenants.

[pranavpatil19]

i think this is great idea

[scharada]

this has been discussed in paid project repo. in fact it's not only the superadmin feature, but also shared Entities that should be seen by all tenants and stored in one shared database only. the team said they would implement it but never did. in fact, it is one of the reasons i stopped using the paid framework.
these are a basic scenario in SaaS business ... they just did not want to see it and instead, they concentrated on other minor changes that are often less important and not so critical.
Sorry for the not so positive comment but that is the truth. at least for my case.

[duard-sf]

Thanks for the feedback. So I guess the only solution at the moment is to implement this manually.

[goxiaoy]

This is only possible when different tenant share the same database.

In my case, I create a middleware to disable multitenant datafilter when 'super admin' is detected.

            app.UseMultiTenancy();
            app.UseMiddleware<HostSideDisableTenantFilterMiddleware>();

public class HostSideDisableTenantFilterMiddleware
    {
        private readonly RequestDelegate _next;
        private readonly ICurrentTenant _currentTenant;
        private readonly ICurrentUser _currentUser;
        private readonly IDataFilter<IMultiTenant> _multiTenantDataFilter;
        private readonly ICurrentClient _currentClient;

        public HostSideDisableTenantFilterMiddleware(RequestDelegate next, ICurrentTenant currentTenant,
            ICurrentUser currentUser, IDataFilter<IMultiTenant> multiTenantDataFilter,ICurrentClient currentClient)
        {
            _next = next;
            _currentTenant = currentTenant;
            _currentUser = currentUser;
            _multiTenantDataFilter = multiTenantDataFilter;
            _currentClient = currentClient;
        }

        public async Task Invoke(HttpContext httpContext)
        {
            if (_currentUser.IsAuthenticated|| _currentClient.IsAuthenticated)
            {
                if (_currentTenant.Id == null)
                {
                    using (_multiTenantDataFilter.Disable())
                    {
                        //Next 
                        await _next(httpContext);
                    }
                }
                else
                {
                    await _next(httpContext);
                }
            }
            else
            {
                //Next 
                await _next(httpContext);
            }
        }
    }

You can write your own logic to determine when to disable this filter
And I do not think it's a common case to see tenant data in host side for a Saas platform.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.