Advice on Users/Roles strategy for complex multi-tenant app

I have a need to build a SINGLE cloud server for multi-tenant app.

The app is essentially a CRM and operations platform for non-profits.

There are two pertinent data types: FAMILIES (accounts) and MEMBERS (people from those families).

What I need to deliver is this:

  • a user can be granted access to their FAMILY ‘portal’
  • the portal allows them to manage FAMILY contact info, data on themselves AND any other associated family MEMBERS, see FAMILY transactions/statements etc…
  • no other MEMBER users (except internal staff) must be able to see any of this personally identifiable or sensitive data, suggesting the need to manage ACLs by family.

So, I am thinking I need to set up each MEMBER with a related USER account in order to grant access to data via ACL.

Additionally, it seems that the best way to manage the data of family contact info by multiple MEMBERS (via their associated USER accounts) is to create a ROLE for each FAMILY and grant permission to certain MEMBERS (i.e. parents of that family) to have access to that ROLE.

The only problem of course is it leads to hundreds of thousands of USER accounts and tens of thousands of ROLES.

Alternatively, would it be better to skip creating a ROLE for each family, and just try to set each authorized MEMBER to each child data record’s ACLs directly as a user (likely as an afterSave callback)?

I would appreciate any thoughts/suggestions!

Thanks, community

I’d try one of these:

  • create a role per family;
  • add beforeFind, beforeSave, beforeDelete triggers to the Member class which automatically add the constraints;
  • disable all operations on Member class via CLP and create cloud code functions for CRUD operations on this class which implement the constraints.
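As an added illustration of the first two suggestions (one role per family, plus trigger-enforced constraints), the following is example code written for this thread, not the asker's or Parse Server's own code. It models the per-family ACL in Parse's JSON ACL shape, evaluates it the way the server would, and shows the query constraint a beforeFind trigger on Member would apply; the class names Family/Member and the role names `family_<objectId>` and `staff` are assumptions.

```javascript
// Added example (not from the original thread): pure helpers modelling the
// "one role per family" design. Class names Family/Member and the role
// names "family_<id>" / "staff" are assumptions, not the asker's schema.

// Role name derived from the Family objectId (Parse role names must be unique).
function familyRoleName(familyId) {
  if (!/^[A-Za-z0-9]+$/.test(familyId)) throw new Error(`bad family id: ${familyId}`);
  return `family_${familyId}`;
}

// ACL for a Member (or Family) record in Parse's JSON shape: the family's
// role and the staff role get read/write, nothing else, and no public access.
// A beforeSave trigger on Member would attach this to the object being saved.
function memberAcl(familyId, staffRole = 'staff') {
  return {
    [`role:${familyRoleName(familyId)}`]: { read: true, write: true },
    [`role:${staffRole}`]: { read: true, write: true },
  };
}

// Evaluate an ACL as the server does: a principal may read if any matching
// entry (public "*", its own user id, or one of its roles) grants read.
function canRead(acl, principal) {
  const keys = ['*', principal.userId, ...principal.roles.map(r => `role:${r}`)];
  return keys.some(k => acl[k] && acl[k].read === true);
}

// beforeFind-style constraint: force a Member query to the caller's own
// families so other families' records are never enumerated at all.
// `where` is a Parse-style constraint object; staff are exempt.
function constrainMemberQuery(where, principal) {
  if (principal.roles.includes('staff')) return where;
  const ownFamilies = principal.roles
    .filter(r => r.startsWith('family_'))
    .map(r => ({ __type: 'Pointer', className: 'Family', objectId: r.slice('family_'.length) }));
  const requested = where.family;
  if (requested && !ownFamilies.some(p => p.objectId === requested.objectId)) {
    // asked for a family that is not theirs: match nothing rather than leak
    return { ...where, family: { $in: [] } };
  }
  // no family roles at all also yields `$in: []`, i.e. deny by default
  return { ...where, family: requested || { $in: ownFamilies } };
}
```

Note that the ACL alone protects individual records only if every record actually gets one, which is why the query constraint (or the CLP-plus-cloud-function route) is worth adding as a second layer.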