Skip to content

Tenant Column Standard

Purpose

The Tenant Column Standard defines how tenant and organization context appears in future database specifications.

Standard Context Columns

Column Requirement
tenant_id Required for tenant-scoped customer data.
organization_id Required where data belongs to, is interpreted for, or is visible within a customer organization.
actor_id Required where ownership, assignment, decision, or audit context matters.
service_account_id Used where service actions must be traced separately from human actors.

Rules

  • Tenant-scoped records must include tenant context unless a documented exception exists.
  • Organization-bound records must include OrganizationId.
  • Tenant context is enforced in repositories and APIs; it is not optional client filtering.
  • Unique constraints on customer data usually include tenant or organization scope.
  • Read models and projections must preserve tenant and organization scope.
  • Cross-tenant administration views must be explicitly marked and protected.

Tenant Data Flow

flowchart LR
    Request[Request Context]
    Identity[Identity Access]
    Repository[Repository Filter]
    Table[(Tenant-Scoped Table)]
    Audit[Audit Context]

    Request --> Identity
    Identity --> Repository
    Repository --> Table
    Table --> Audit

Error Prevention

Database specs must identify tenant scope early. Retrofitting tenant columns after implementation is considered a high-risk migration.