we’ve recently upgraded from 2.6 to 3.16 and I’m reviewing your multi-tenant support in the hopes we can transform our configuration to take advantage of those new features.
For the most part, the conversion is fairly straightforward, but I am having an issue with our authorisation rules. To illustrate, we currently support a one-project-per-customer model. In the project variables, we keep configuration that differs from one customer to the next. Each project is linked to multiple library variable sets: a “Global Variables” set which defines configuration that’s true for each deployment, a “Currency Codes” set with a hundred or so mappings of currency-code-to-country-code mappings and an “Authorisations” set per customer. Each of these library variable sets may differ per environment and/or over time.
Logically, the Authorisations library variable sets could each be merged with the associated project variables in that they’re each linked to only one project. Pragmatically, they’re separated into library variable sets because there’s a couple hundred of them per customer and (before you improved the variable filter functionality) they were difficult to filter out.
Generally speaking, in adopting a multi-tenant layout, the project variables become variable templates largely informed by the tenant and the “Global variables” library variable set become project variables. An easy enough switch via the API. However, in this model our hundreds of authorisation rules (per customer) need to become tenant variables that are defined as variable templates of the project.
My problem is that the Project Variables tab on each Tenant screen is MASSIVE. Each environment has over 100 variables to fill out and none of it is filterable/searchable.
I attempted to create a new library variable set, with only authorisation rule templates in it, link that to the existing authorisation library variable set via tenant tags, but that presented problems with environment-level scoping.
As it stands, I can’t sell multi-tenancy to our support/deployment teams. Do you guys have any suggestions on how I can structure our CM in a multi-tenant structure which doesn’t introduce a maintenance nightmare?