Tenant feature in ehrbase version 23

Mancini · 28 March 2023 09:52

CDR [ehrbase]
We are trying to explore tenant fetaure of ehrbase in version 23 for our use case .

As part of this below is the configuration we are using:
EHRbase : security is enable with OAUTH and jwt issuer-uri is set
Keycloak(Auth server) : Set up with two new clients with respective users and roles associated and also claim with “tnt” with specific value.

When we run below aql , which given count of compositions for the given template.
SELECT count(c/uid/value) FROM ehr e CONTAINS COMPOSITION c WHERE c/archetype_details/template_id/value=‘test_tenant.en.v0’
Ideally this should have returned only those compositions whose tenant id matches with the one that is being sent as part of jwt token, instead its returning all values irrespective of the tenant for which this was created.

Below is the API used with OAuth
/rest/openehr/v1/query/aql

Please let us know, if we are missing anything as part of configuration or part of API itself.

Also, noticed that, once we add new templates/EHR with new tenants the DB table “tenant” is not getting inserted with new value. Was this intentional or do we need to do something as part of this.

Thanks in advance.

birger.haarbrandt · 28 March 2023 10:01

Hi Mancini,

Multi-Tenancy is a function that requires an additional plugin which is part of the enterprise offering (CDR Base as part of HIP CDR) only.

Mancini · 28 March 2023 10:41

Thanks for replying.

If that is the case, can you please confirm , code is working partially, that we are able to create new compositions, templates and Ehr Ids with new tenant , but only AQL is failing ? and it only works with default tenant which is part of the code ?

Thanks in advance.

birger.haarbrandt · 28 March 2023 11:10

Yes, there should be no problem working with the single “default” tenant.