Multi-tenancy: creating namespaces and adding users to namespaces

What I want to do

  1. I would like to ensure that I do not create multiple namespaces for the same customer. Is there some way to associate a unique identifier (e.g. customer name) when creating a namespace to prevent duplicate namespaces from getting created for the same customer?
  2. In general, I find that docs on multi-tenancy is severely lacking (or they are just really difficult to find!). For example, how do I create a user for a specific namespace (not the default 0x00)? Please point me to the correct documentation.
  3. How do I perform multi-tenancy/namespace related admin operations (other than logging in) with pydgraph? If not yet supported, when will it be supported?

What I did

Was unable to find the docs so couldn’t really try much.

Dgraph metadata

v21.03

  1. Currently, there is no way to associate a unique identifier with the namespace ID. You can store that meta information in the default namespace. You will have to manage that yourself for now.
  2. Sorry, those docs for multi-tenancy lack some clarity. User for a specific namespace can be created by the guardian of that namespace. https://dgraph.io/docs/enterprise-features/multitenancy/#access-control-lists
  3. With multi-tenancy enabled, all the requests need to be authorized. You can perform namespace-specific operations by logging into the specific namespace (it would provide the JWT). You can also perform HTTP requests by setting the JWT in X-Dgraph-AccessToken header.

Thanks for your response @Naman. Perhaps it might help if I make my questions a bit more specific for points 2 and 3.

  1. Which API call can I use to create the guardian of a non-default namespace? The addUser API example under the ACL section does not show how to add a new user for a specific namespace.

  2. How would I create a new namespace using pydgraph? How would I then create a new user for that specific namespace using pydgraph? Currently I am having to resort to using the “barebone” requests library to perform raw POSTs, which kind of defeats the whole purpose of having the pydgraph library.

Thanks.

Hey @Tong, thanks for reaching out.
2.

mutation {
 addNamespace(input:{password:"mypass"})
  {
    namespaceId
    message
  }
}

By sending the above mutation, a namespace is created. For that namespace, guardian group is created automatically. Also, a user “groot” with password “mypass” (default is “password”) is created in the guardian group. Now, we can use these credentials to login into the namespace and perform operations like addUser etc.
cc: @damian can we please add this to the docs as well.

  1. The dgraph clients are for DQL, for GraphQL we already have lots of libraries Dgraph Client support for GraphQL backend