Multitenancy in Totara Engage
  • 21 Jun 2022
  • 3 Minutes to read

Multitenancy in Totara Engage


Typically in Totara Engage public content (such as public workspaces, libraries or contributions) is available to all users.

However, when using multitenancy on your site there are restrictions on how users from different tenants can interact, and the Totara Engage content available to users.

Multitenancy rules

As a general rule, users in different tenants will not have any access to Totara Engage content from other tenants, while Site Administrators can access content from all tenants. Guest users, however, cannot access any Totara Engage content that has been created within a tenant or see tenant users. 

Tenant participants (users who are assigned to multiple tenants, such as Trainers) can access libraries in the tenants they're assigned to. System-level users (i.e. users who are not assigned to any tenants) can access any system-level content and interact with other system-level users. If tenant isolation is disabled then system-level users will also be able to access tenants' libraries.

Tenant participants and Site Administrators can also add users from other tenants to a workspace if tenant isolation is disabled. These users will be able to see discussion posts from the tenant they're added to, but won't be able to view tenant users' profiles.

User profile visibility

In Totara Engage there are a number of reasons to view other users' profiles. For example, you may want to view another user's library and contributions.

When using multitenancy there are restrictions that can be placed on which profiles users can view and access. Below is an overview of these restrictions.

Use caseTenant isolation onTenant isolation off

Member from one tenant can see the profile of users from other tenants

No

No (or read-only profile summary card only)

Tenant participant can see profiles of members in tenants to which they are assigned

Yes 

Yes

Site/System Administrator (or similar role with elevated permissions) can see profiles of tenant members, tenant participants and system-level users

Yes

Yes

System-level users can see profiles of tenant members

Yes

Yes

System-level users can see profiles of tenant participants

Yes

Yes

System-level users can see profiles of Site Administrators or other system-level users with elevated permissions

Yes

Yes

Tenant member can see profiles of Site Administrators or other system-level users with elevated permissions

No

Yes

Tenant member can see profiles of system-level users

No

Yes

Workspace collaboration

When using multitenancy, restrictions can be placed upon which workspaces users can join. Below is an overview of the rules for adding users to tenants based on tenant membership.

Use caseTenant isolation onTenant isolation off

Tenant members can add members from other tenants to their own workspace

No

No

Tenant members can add tenant participants (assigned to their tenant) to their own workspace

Yes

Yes

Tenant members can add Site Administrators to their own workspace

No

No

Tenant members can add system-level users to their own workspace

No

No

Tenant participants can add tenant members (in the tenants they participate in) to their own workspace

No

Yes

Tenant participants can add participants in their tenant(s) to their own workspace

Yes

Yes

Tenant participants can add Site Administrators (or other system-level users with elevation permissions) to their own workspace

Yes

Yes

Tenant participants can add system-level users to their own workspace

Yes

Yes

Site Administrators can add tenant members to their own workspace

No

Yes

Site Administrators can add tenant participants to their own workspace

Yes

Yes

Site Administrator can add other Site Administrators (or other system-level users with elevated permissions) to their own workspace

Yes

Yes

Site Administrator can add system-level users to their own workspace

Yes

Yes

System-level users can add tenant members to their own workspace

No

Yes

System-level users can add tenant participants to their own workspace

Yes

Yes

System-level users can add Site Administrators to their own workspace

Yes

Yes

System-level users can add other system-level users to their own workspace

Yes

Yes

Tenancy change rules

In some cases users may be moved between tenants. In these cases, the following rules will apply to existing content:

  • Workspaces created by the user remain in the original tenant
  • Resources, playlists and surveys are moved with the user and subject to the cross-tenancy rules
  • The user's resources and surveys will disappear from playlists of other tenant users after the transfer if tenant isolation is enabled
  • The user's comments (e.g. on resources) will remain in the original tenant
  • The user will lose access to workspaces in the original tenant
  • The user's profile will no longer be available in the original tenant
  • When multitenancy isolation is on, users cannot see any libraries or workspaces from other tenants
  • Data about shared content is not removed, but is not taken into account when getting data from the database since it is in different tenants

C033 - Course Catalogue(2)The Totara Academy has a whole course dedicated to using Multitenancy in Totara. Here you can learn more on how to set up and use tenants, see best practice, and give it a go yourself.

© Copyright 2022 Totara Learning Solutions. All rights reserved.


Was this article helpful?

First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.