Skip to content

Multi-tenancy: auth, isolation, and RBAC

Maps to: Multi-tenancy: authentication, authorization, Agent Auth, RBAC.

Scope

Isolating end-user data, letting agents act with user-scoped credentials on third-party systems, and controlling operator access to deploy and observe.

Design questions

  • Identity propagation from edge API through to tool calls and trace metadata.
  • Resource tagging and filter rules on reads versus writes.
  • Separation between end-user tenancy and internal operator RBAC.
  • OAuth token storage, refresh, and revocation when users disconnect integrations.

Tradeoffs

  • Custom auth middleware maximizes flexibility; misconfiguration causes cross-tenant leaks.
  • Agent Auth reduces credential sprawl but centralizes sensitive token storage.
  • Strict RBAC can slow iteration for small teams; loose RBAC fails enterprise review.

Evaluation hooks

  • Cross-tenant access attempts on threads, memories, and traces must fail closed.
  • Agent calls third-party API with correct user scope only.
  • Operator roles cannot perform actions outside assigned policies.

Reference notes

See LangChain runtime article (multi-tenancy auth layers figure).