Appwrite Teams provides an effective way to implement multi-tenancy in your applications. Create a team for each tenant to handle multi-tenant apps with built-in data isolation.
Learn more about Teams
What is multi-tenancy?
Multi-tenancy is a design pattern where a single instance of software serves multiple user groups (tenants). With Appwrite Teams, you can:
- Create a team for each tenant in your application
- Control access to resources using team-based permissions
- Define different roles within each tenant
- Scale to unlimited tenants without code changes
Common use cases
- SaaS applications: Organizations that need isolated data and users
- Collaborative tools: Projects with different access levels
- Educational platforms: Schools with teachers and students
- Business software: Companies with department-based access control
Create teams for tenants
When a new tenant signs up, create a dedicated team that serves as their isolated environment.
import { Client, Teams, ID } from "appwrite";
const client = new Client()
.setEndpoint('https://<REGION>.cloud.appwrite.io/v1')
.setProject('<PROJECT_ID>');
const teams = new Teams(client);
// Create team for a new tenant
const tenantTeam = await teams.create(
'example_corp', // Team ID for tenant
'Example Corp', // Tenant name
['owner', 'admin', 'member'] // Tenant roles
);
Add members to tenants
Invite users to join a tenant using team memberships. Each member can be assigned different roles for access control.
import { Client, Teams } from "appwrite";
const client = new Client()
.setEndpoint('https://<REGION>.cloud.appwrite.io/v1')
.setProject('<PROJECT_ID>');
const teams = new Teams(client);
// Invite a member to the tenant
const membership = await teams.createMembership(
'example_corp', // Team/tenant ID
['admin'], // Member's role in the tenant
'user@example.com', // User's email
undefined, // userId (optional)
undefined, // phone (optional)
'https://example.com/accept-invite' // Redirect URL after accepting
);
Secure resources with team permissions
Control access to rows and resources using team-based permissions. This ensures data isolation between tenants.
import { Client, TablesDB, ID, Permission, Role } from "appwrite";
const client = new Client()
.setEndpoint('https://<REGION>.cloud.appwrite.io/v1')
.setProject('<PROJECT_ID>');
const tablesDB = new TablesDB(client);
// Create a row that only members of "Example Corp" tenant can access
const row = await tablesDB.createRow(
'invoices_db',
'invoices',
ID.unique(),
{
title: 'Q2 Invoice',
amount: 2500.00,
customer: 'Example Customer',
status: 'pending',
tenant_id: 'example_corp'
},
[
// All Example Corp team members can read
Permission.read(Role.team('example_corp')),
// Only admins can update
Permission.write(Role.team('example_corp', ['admin']))
]
);
Query tenant data
When querying data, users will automatically only see rows they have permission to access based on their team memberships.
import { Client, TablesDB, Query } from "appwrite";
const client = new Client()
.setEndpoint('https://<REGION>.cloud.appwrite.io/v1')
.setProject('<PROJECT_ID>');
const tablesDB = new TablesDB(client);
// Current user will only see invoices they have access to
const rows = await tablesDB.listRows(
'invoices_db',
'invoices'
);
// For specific tenant data, you can add a query filter
const tenantDocuments = await tablesDB.listRows(
'invoices_db',
'invoices',
[
Query.equal('tenant_id', 'example_corp')
]
);
Learn how to manage team invitations