Hi : We have two applications being hosted on teh same Temporal installation ( with Elastic Search ).
Each application uses its own namespace.
is it possible to isolate teh data perfectly so that each application cannot see the others data.
- with respect to the ability to invoke workflows/queries
- with respect to teh data stored in Elastic search
Or is Temporal, in its core designed to host only a single application ?
–sony
Namespace is the unit of isolation and rate limiting. If you have multiple applications you can isolate them in different namespaces, which can prevent situations where one application can experience latencies due to another application in the same namespace experiencing large load.
Search attributes are added across namespaces, so once added they would be available in all.
Or is Temporal, in its core designed to host only a single application ?
No, it’s not.
Hope this helps.
Thank you for the quick response Tihomir.
So you are saying that all kinds of data is completely inaccessible across namespaces.
( And that Temporal installation can be used for multi-tenancy using namespaces ) ?
Temporal installation can be used for multi-tenancy using namespaces
Temporal does support multi-tenancy by using namespaces
all kinds of data is completely inaccessible across namespaces
Well, there is only one database, and not db per namespace.
Task queues (on the matching service side) are per namespace.
Each of your applications (regardless of namespace) should in cases where isolation is important, and where data is valuable, use own client-side data encryption.
Note that data/namespace isolation is orthogonal to security as by default any client can connect to any namespace.