Security considerations

Once you have purchased a Customer Distribution License (CDL), you need to do some preparation before inviting your first customer.

OnePub uses Teams to control which packages a customer has access to.

Security

Configuring your customer Teams incorrectly may result in data leakage between customers.

The primary concern is breaching a Non-disclosure Agreement (NDA). You may have an NDA that forbids you from disclosing a customer's name publicly.

All members of a team can see each other's details, so placing more than one customer in a single team may reveal their identities to each other, breaching your NDA.

Even if you don't have such an NDA, segmenting customers by team is considered good practice.

Members of different Customers should NEVER be added to the same team.

'Team per customer' model

To keep your data and your customers' data safe, we use a 'Team per customer' model.

  • Create a OnePub Team for each customer.

  • Associate each package (that the customer has a license for) with the Customer's team.

  • Invite each of the Customer's developers, selecting the team you created above.

If the customer purchases another package then you can simply associate it with the Customer's team, to give all of the Customer's devs instant access.

Never associate developers from different customers with the same team!!!

We recommend that the Team name is the Customer's business name.
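
One way to check a team roster against these rules before sending invites, as an added example that is not part of the OnePub documentation or tooling. It assumes a hand-maintained list of (team, member e-mail, customer) rows; the format, the rule names and the sample data are constructed for illustration and are not a OnePub export.

```python
from collections import defaultdict

# Constructed sample roster: (team name, member e-mail, customer the member works for).
# Hypothetical hand-maintained format; it is not a OnePub export.
ROSTER = [
    ("Acme Pty Ltd", "dev1@acme.example", "Acme Pty Ltd"),
    ("Acme Pty Ltd", "dev2@acme.example", "Acme Pty Ltd"),
    ("Globex", "ann@globex.example", "Globex"),
    ("Globex", "bob@initech.example", "Initech"),
    ("Customer 3", "eve@umbrella.example", "Umbrella Corp"),
]


def audit_roster(roster):
    """Return sorted (rule, team, detail) findings for a team roster."""
    members = defaultdict(lambda: defaultdict(list))  # team -> customer -> e-mails
    for team, email, customer in roster:
        members[team.strip()][customer.strip()].append(email.strip().lower())

    findings = []
    for team, by_customer in members.items():
        if len(by_customer) > 1:
            # Members of one team can see each other's details, so every
            # customer listed here is disclosed to the others.
            detail = "; ".join(
                f"{cust}: {', '.join(sorted(emails))}"
                for cust, emails in sorted(by_customer.items())
            )
            findings.append(("MIXED_CUSTOMERS", team, detail))
        else:
            (customer,) = by_customer  # exactly one customer in this team
            # Recommended convention: team name equals the customer's business name.
            if team.casefold() != customer.casefold():
                findings.append(("TEAM_NAME_MISMATCH", team, customer))
    return sorted(findings)


if __name__ == "__main__":
    for rule, team, detail in audit_roster(ROSTER):
        print(f"{rule:20} team={team!r} -> {detail}")
```

A `MIXED_CUSTOMERS` finding is the data-leakage case described above and should be resolved before any invite goes out; `TEAM_NAME_MISMATCH` only flags a departure from the naming recommendation.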


Last updated 2 years ago
