Hi, I’m creating a multi-tenant app using Sync Gateway. The sync function configuration is like this:
"sync": `
function sync(doc, oldDoc) {
  if (!doc.tenant_id) {
    throw({ forbidden: "Document missing tenant_id" });
  }
  // Channel per tenant
  channel("tenant_" + doc.tenant_id);
  // Access control
  requireAccess("role_tenant_" + doc.tenant_id);
}
`
I’ve created a role that will work as a tenant:
PUT http://x:4985/my_db/_role/role_tenant_IKkguk
The GET returns this:
{
  "name": "role_tenant_UEyFlb",
  "admin_channels": [
    "tenant_UEyFlb"
  ],
  "all_channels": [
    "!",
    "tenant_UEyFlb"
  ]
}
Then I create a user called “test” for that tenant:
POST: http://x:4985/my_db/_user/tenant_IKkguk_test
The GET returns this:
{
  "username": "tenant_IKkguk_test",
  "channels": [
    "!",
    "tenant_IKkguk"
  ],
  "admin_roles": [
    "role_tenant_IKkguk"
  ],
  "effective_roles": [
    "role_tenant_IKkguk"
  ]
}
But then when I log in with that user:
POST http://x:4984/my_deb/_session
this is the response:
{
  "authentication_handlers": [
    "default",
    "cookie"
  ],
  "ok": true,
  "userCtx": {
    "channels": {
      "!": 1
    },
    "name": "tenant_IKkguk_test"
  }
}
The channels are not assigned to the user. When I use the session cookie with:
“SyncGatewaySession=xxxx; Path=/my_db; Expires=Wed, 28 May 2025 23:33:35 GMT”
to create any document I get the following response:
2025-05-27T23:35:58.064Z [INF] c:#063 db:my_db Sync fn rejected doc "<ud>customer_u0AlDS</ud>" / "<ud></ud>" --> 403 sg missing channel access
2025-05-27T23:35:58.064Z [DBG] c:#063 db:my_db rejected doc "<ud>customer_u0AlDS</ud>" / "<ud></ud>" : new=<ud>map[_id:customer_u0AlDS _rev:1-baf15d33176831ff7bf72fa2a854723e name:test tenant_id:IKkguk type:customer]</ud> old=<ud></ud>
2025-05-27T23:35:58.064Z [DBG] CRUD+: c:#063 db:my_db Did not update document "<ud>customer_u0AlDS</ud>" w/ xattr: 403 sg missing channel access
2025-05-27T23:35:58.064Z [INF] HTTP: c:#063 db:my_db #063: --> 403 sg missing channel access (2.9 ms)
This is the result I get when doing the GET _session:
{
  "authentication_handlers": [
    "default",
    "cookie"
  ],
  "ok": true,
  "userCtx": {
    "channels": {
      "!": 1
    },
    "name": "tenant_IKkguk_test"
  }
}
I don’t understand why the channel is not assigned to the session after I log in. I’ve restarted Sync Gateway without any result.