- 28 Nov 2023
- 3 minutes to read
Multitenancy in Totara Engage
- Updated on 28 Nov 2023
- 3 minutes to read
Typically in Totara Engage public content (such as public workspaces, libraries or contributions) is available to all users.
However, when using multitenancy on your site there are restrictions on how users from different tenants can interact, and the Totara Engage content available to users.
Multitenancy rules
As a general rule, users in different tenants will not have any access to Totara Engage content from other tenants, while Site Administrators can access content from all tenants. Guest users, however, cannot access any Totara Engage content that has been created within a tenant or see tenant users.
Tenant participants (users who are assigned to multiple tenants, such as Trainers) can access libraries in the tenants they're assigned to. System-level users (i.e. users who are not assigned to any tenants) can access any system-level content and interact with other system-level users. If tenant isolation is disabled then system-level users will also be able to access tenants' libraries.
Tenant participants and Site Administrators can also add users from other tenants to a workspace if tenant isolation is disabled. These users will be able to see discussion posts from the tenant they're added to, but won't be able to view tenant users' profiles.
User profile visibility
In Totara Engage there are a number of reasons to view other users' profiles. For example, you may want to view another user's library and contributions.
When using multitenancy there are restrictions that can be placed on which profiles users can view and access. Below is an overview of these restrictions.
Use case | Tenant isolation on | Tenant isolation off |
---|---|---|
Member from one tenant can see the profile of users from other tenants | No | No (or read-only profile summary card only) |
Tenant participant can see profiles of members in tenants to which they are assigned | Yes | Yes |
Site/System Administrator (or similar role with elevated permissions) can see profiles of tenant members, tenant participants and system-level users | Yes | Yes |
System-level users can see profiles of tenant members | Yes | Yes |
System-level users can see profiles of tenant participants | Yes | Yes |
System-level users can see profiles of Site Administrators or other system-level users with elevated permissions | Yes | Yes |
Tenant member can see profiles of Site Administrators or other system-level users with elevated permissions | No | Yes |
Tenant member can see profiles of system-level users | No | Yes |
Workspace collaboration
When using multitenancy, restrictions can be placed upon which workspaces users can join. Below is an overview of the rules for adding users to tenants based on tenant membership.
Use case | Tenant isolation on | Tenant isolation off |
---|---|---|
Tenant members can add members from other tenants to their own workspace | No | No |
Tenant members can add tenant participants (assigned to their tenant) to their own workspace | Yes | Yes |
Tenant members can add Site Administrators to their own workspace | No | No |
Tenant members can add system-level users to their own workspace | No | No |
Tenant participants can add tenant members (in the tenants they participate in) to their own workspace | No | Yes |
Tenant participants can add participants in their tenant(s) to their own workspace | Yes | Yes |
Tenant participants can add Site Administrators (or other system-level users with elevation permissions) to their own workspace | Yes | Yes |
Tenant participants can add system-level users to their own workspace | Yes | Yes |
Site Administrators can add tenant members to their own workspace | No | Yes |
Site Administrators can add tenant participants to their own workspace | Yes | Yes |
Site Administrator can add other Site Administrators (or other system-level users with elevated permissions) to their own workspace | Yes | Yes |
Site Administrator can add system-level users to their own workspace | Yes | Yes |
System-level users can add tenant members to their own workspace | No | Yes |
System-level users can add tenant participants to their own workspace | Yes | Yes |
System-level users can add Site Administrators to their own workspace | Yes | Yes |
System-level users can add other system-level users to their own workspace | Yes | Yes |
Tenancy change rules
In some cases users may be moved between tenants. In these cases, the following rules will apply to existing content:
- Workspaces created by the user remain in the original tenant
- Resources, playlists and surveys are moved with the user and subject to the cross-tenancy rules
- The user's resources and surveys will disappear from playlists of other tenant users after the transfer if tenant isolation is enabled
- The user's comments (e.g. on resources) will remain in the original tenant
- The user will lose access to workspaces in the original tenant
- The user's profile will no longer be available in the original tenant
- When multitenancy isolation is on, users cannot see any libraries or workspaces from other tenants
- Data about shared content is not removed, but is not taken into account when getting data from the database since it is in different tenants
The Totara Academy has a whole course dedicated to using Multitenancy in Totara. Here you can learn more on how to set up and use tenants, see best practice, and give it a go yourself.
© Copyright 2024 Totara Learning Solutions. All rights reserved.