Introducing Multi-Tenant Data Isolation Core
Introducing Multi-Tenant Data Isolation Core
Version 1.0.0
With the release of v1.0.0, we are shipping the foundational data isolation layer that underpins every feature of the platform. This release focuses on one thing: making sure your organisation's data is always yours — and only yours.
The Problem We're Solving
In any multi-tenant SaaS platform, the most critical guarantee is that tenants cannot see each other's data. This is trivially easy to say and notoriously difficult to get right at scale. Application-level filtering is fragile — a missed WHERE tenant_id = ? clause in a single query can expose sensitive records.
We solved this at the database level.
How It Works
Row-Level Security (RLS)
Every table in the platform database is protected by a row-level security policy. When a query is executed, the database engine itself enforces tenant filtering — regardless of what the application layer does or doesn't do. This means:
- A query that forgets to filter by tenant will return zero rows, not the wrong rows.
- Tenant isolation is a database guarantee, not just an application convention.
Tenant Context Propagation
Tenant context is resolved at the start of every request and automatically propagated through the data access layer. Developers building on the platform do not need to manually pass or apply tenant filters — the infrastructure handles it transparently.
Performance Through Indexing
Row-level security is only viable in production if it doesn't cost you query performance. Every tenant-scoped access pattern is backed by purpose-built indexes, ensuring that filtering by tenant context is a fast index seek rather than a full table scan — even as data volumes grow.
Why This Matters
| Without RLS | With RLS (v1.0.0) |
|---|---|
| Tenant isolation relies entirely on application code | Tenant isolation is enforced by the database engine |
| A single missing filter can cause a data breach | Missing filters return no data — no silent leakage |
| Every developer must remember to apply tenant filters | Filters are automatic and invisible to application code |
| Difficult to audit consistently | Policies are centralised and auditable |
What This Enables
This release is the foundation all future platform capabilities are built on. With data isolation guaranteed at the infrastructure level, subsequent releases can focus on delivering HR, finance, and operational features with the confidence that tenant boundaries are always respected.
Getting Started
If you are deploying v1.0.0 for the first time, tenant context is configured at the connection and session level. Refer to the Getting Started guide for setup instructions. No additional configuration is required to benefit from row-level security — it is active by default for all tenants.