Multi-tenancy

Revision as of 13:12, 20 September 2019 by Paul Holden (talk | contribs) (Add privacy considerations section.)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

workplacelogo.png This feature is part of Moodle Workplace, which is available through Moodle Partners.


Overview

Moodle Workplace allows the main administrator to create multiple "tenants" and allocate users to each of them. Tenant users will all be using the same site but will not see each other. Each tenant can have their own site name, logo and colour scheme.

Moodle Workplace

When Moodle Workplace is installed, the site is prepared to be multi-tenant. The capability 'moodle/category:viewcourselist' is removed from the roles "Authenticated user" and "Guest". If you don't want to use Multitenancy functionality, you may consider allowing these capabilities.

Managing tenants

The main administrator or a user with the capability 'tool/tenant:manage' is able to create tenants, change their settings, associate tenants with course categories and assign tenant administrators. Three additional roles are automatically created when Moodle Workplace is installed, automatically assigned to the following users:

  • "Tenant administrator" role is assigned to the tenant administrator in the system context
  • "Tenant manager" role is assigned to the tenant administrator in the context of this tenant's course category
  • "Tenant user" role is assigned to any user allocated to the tenant in the context of this tenant's course category. By default this role only has the capability 'moodle/category:viewcourselist'

These roles and role assignments can not be manually deleted. However the main administrator can modify the roles if necessary. For example, the "Tenant administrator" role by default contains the capability 'tool/tenant:managetheme' that allows the tenant administrator to change the look of their tenant (logo and colours). The main administrator may decide that theme customisation should only be done centrally and prohibit this capability in the "Tenant administrator" role. The same can be done for the 'tool/tenant:manageusers' capability.

The main administrator or a user with the capability 'tool/tenant:allocate' is able to move users between tenants.

Tenant administration

The Tenant administrator role by default has the capability 'tool/tenant:manageusers'. Unless this capability is removed from the role by the main administrator, the tenant administrator can create and edit users inside their tenant.

The tenant administrator can assign other roles to their users, for example "Program manager" or "Organisation structure manager" in the system context.

If the tenant has its own course category, the tenant administrator is also a "Tenant manager" in this course category and is able to assign roles in the context of this course category, for example "Course creator". For easier management there is a single page that lists all the roles that the tenant administrator can assign in both system and category context. It can be accessed through Workplace launcher -> Users -> Roles.

Managing roles for tenant administrator

The tenant administrator is also able to manage their course category and all courses in it. Access to the course management is done through Workplace launcher -> Courses. Hint: check out the "Edit" menu for the course category.

Category management

Privacy considerations

All user information from each tenant is stored in the same database and in the same table. This may be a concern for you if your tenants are completely independent and you must comply with GDPR requirements to store data separately. The benefit of the multi-tenancy feature is that you have a single Moodle Workplace instance for all tenants and users, making it easier for you to maintain and have shared data. If you are required by law to separate them, unfortunately you may not benefit from multi-tenancy and may need to set up separate sites.

See also