Multitenancy

Introduction

Multitenancy means using a single Orbeon Forms installation to serve multiple "tenants", such as organizations or entities within a single organization, while isolating those organizations or entities from each other. For example, a form relevant to company Acme will not be available to a user who only has access to forms from company Ajax.

Orbeon Forms support

Orbeon Forms has some support for multitenancy thanks to the concept of application name (see Terminology). For multitenancy, you use the application name to refer to an organization or entity, and you enable access control to isolate those entities.

Configuration

Roles

Make sure that there are roles identifying users from one or the other organization. For example, users from company Acme might have the acme-user role, while users from company Ajax might have the ajax-user role.

See also Providing information about the user.

Isolating forms with Form Runner

Now that users have a role identifying them, it is possible to isolate users at the Form Runner level. There are two separate configurations you can use to enforce that.

First, you can set individual form permissions (see also Setting permissions). For a given form:

  1. In Form Builder, enable permissions for that form definition.

  2. Indicate that all operations require the role acme-user, for example.

  3. Publish the form definition.

Second, because individual form permissions have no central enforcement point for all forms with a given app name, we also recommend enabling protection at the web.xml level:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Acme forms</web-resource-name>
        <url-pattern>/fr/acme/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>acme-user</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Ajax forms</web-resource-name>
        <url-pattern>/fr/ajax/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ajax-user</role-name>
    </auth-constraint>
</security-constraint>

Isolating forms with Form Builder

You might also want to isolate forms at the Form Builder level. This means that a user from company Acme can only see and publish form definitions for company Acme.

You do this with settings in form-builder-permissions.xml, for example:

<roles>
  <role name="acme-user" app="acme" form="*"/>
  <role name="ajax-user" app="ajax" form="*"/>
</roles>

The configuration above allows only users with the given roles to create, view, edit, and publish form definitions associated with their own organization.

NOTE: If your forms are authored independently from a given organization, you don't have to implement this part: simply grant access to Form Builder to the appropriate user or role.
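A configuration check for the two files discussed above, as an added example that is not part of the Orbeon Forms documentation or code: it reads web.xml and form-builder-permissions.xml and reports tenants whose /fr/[app]/* URLs have no role-protected security-constraint, or whose constraint admits a role that Form Builder maps to a different app. It assumes, as in the page's examples, that the same role names are used in both files; the file contents and the initech tenant are constructed sample data.

```python
import xml.etree.ElementTree as ET
# Constructed sample files: Ajax also admits acme-user; "initech" has no constraint.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/fr/acme/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>acme-user</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/fr/ajax/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>ajax-user</role-name><role-name>acme-user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
FB_PERMISSIONS_XML = """<roles>
  <role name="acme-user" app="acme" form="*"/>
  <role name="ajax-user" app="ajax" form="*"/>
  <role name="initech-user" app="initech" form="*"/>
</roles>"""

def _find(elem, name):
    """Descendants with this local name, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def constraints_by_pattern(web_xml):
    """Map each url-pattern to the roles its security-constraint admits."""
    admitted = {}
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        if _find(sc, "auth-constraint"):  # without one, no role is required
            roles = {r.text.strip() for r in _find(sc, "role-name") if r.text}
            for pattern in _find(sc, "url-pattern"):
                admitted.setdefault((pattern.text or "").strip(), set()).update(roles)
    return admitted

def audit_tenants(web_xml, fb_permissions_xml):
    """(app, problem) pairs: URLs unprotected or open to another tenant's role."""
    role_apps = {}  # role name -> apps granted in form-builder-permissions.xml
    for r in _find(ET.fromstring(fb_permissions_xml), "role"):
        role_apps.setdefault(r.get("name"), set()).add(r.get("app", "*"))
    admitted, findings = constraints_by_pattern(web_xml), []
    for app in sorted({a for apps in role_apps.values() for a in apps} - {"*"}):
        pattern = f"/fr/{app}/*"
        if pattern not in admitted:
            findings.append((app, f"no role-protected security-constraint for {pattern}"))
        foreign = sorted(r for r in admitted.get(pattern, ()) if r == "*"
                         or (r in role_apps and not role_apps[r] & {app, "*"}))
        if foreign:
            findings.append((app, f"{pattern} admits other tenants' roles: {foreign}"))
    return findings

if __name__ == "__main__":
    print(*audit_tenants(WEB_XML, FB_PERMISSIONS_XML), sep="\n")
```

Run against the sample files, the check reports the ajax and initech tenants and leaves acme unflagged.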

Database configuration

Optionally, you can set up different database providers for each application name. For example:

<!-- Name format: oxf.fr.persistence.provider.[app].[form].[form|data|*] -->
<property
    as="xs:string"
    name="oxf.fr.persistence.provider.acme.*.*"
    value="oracle"/>

<property
    as="xs:string"
    name="oxf.fr.persistence.provider.ajax.*.*"
    value="mysql"/>

The above configuration allows you to point to two completely different databases for published form definitions and their form data.

Unpublished Form Builder form definitions must all be stored with the same database provider at this point. The following configuration lets you specify which one explicitly:

<!-- Form Builder itself is the form "builder" in the app "orbeon" -->
<property
    as="xs:string"
    name="oxf.fr.persistence.provider.orbeon.builder.*"
    value="oracle"/>

In general, however, you don't want entirely different database providers; you want two different database schemas in the same database, or two databases of the same type.

This requires setting more properties. Here is an example with MySQL, which allows you to use two separate MySQL datasources:

<property as="xs:anyURI"  name="oxf.fr.persistence.mysql_acme.uri"          value="/fr/service/mysql"/>
<property as="xs:string"  name="oxf.fr.persistence.mysql_acme.datasource"   value="mysql_acme"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_acme.autosave"     value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_acme.permissions"  value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_acme.versioning"   value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_acme.lease"        value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_acme.reindex"      value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_acme.reencrypt"    value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_acme.sort"         value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_acme.active"       value="true"/>

<property as="xs:anyURI"  name="oxf.fr.persistence.mysql_ajax.uri"          value="/fr/service/mysql"/>
<property as="xs:string"  name="oxf.fr.persistence.mysql_ajax.datasource"   value="mysql_ajax"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_ajax.autosave"     value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_ajax.permissions"  value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_ajax.versioning"   value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_ajax.lease"        value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_ajax.reindex"      value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_ajax.reencrypt"    value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_ajax.sort"         value="true"/>
<property as="xs:boolean" name="oxf.fr.persistence.mysql_ajax.active"       value="true"/>

Finally, you do not have to use two separate databases or datasources: you can also keep all the data in the same database schema, which simplifies the configuration.

Conclusion

By setting roles and the appropriate Form Runner, Form Builder and database configurations, you can completely isolate organizations.

Setting individual form permissions is flexible, but it has one drawback: there is no central location to enforce the role for all forms with a given app name, so you have to be careful to set permissions appropriately on every form (see also RFE #1860).

The web.xml example configuration above enforces that the acme-user and ajax-user roles must be present to access the given Form Runner URLs.

See also

  • Terminology
  • Providing information about the user
  • Setting permissions
  • RFE #1860
  • Form Builder permissions
  • Using Form Runner with a relational database
  • Access control and permissions
  • Linking