Tenant isolation for a multi-user SaaS control plane.

Tenant isolation is the data and object boundary that keeps one customer's control plane separate from another's. Storage, identity, and objects stay tenant-aware.

SaaS boundary

Keep customers separated by construction.

Tenant isolation is the reason the SaaS version can safely share infrastructure.

Boundary

Keep every object tied to a tenant.

Tenant isolation is the quiet part that keeps SaaS data from bleeding across customers.

Tenant ID

Every row and object belongs to one tenant.

Store boundary

The database or blob store must keep tenant data separate.

Access scope

Users only see the tenants they belong to.

Fallback modes

Self-hosted installs can still use local storage patterns.

Product behavior

Make tenant context visible in the app.

The UI makes the active organization, workspace, or client obvious.

Visible tenant

Show the active tenant context where decisions happen.

Object tagging

Tag rules, skills, and agents with the right tenant.

Migration path

Allow future storage providers without rewriting business logic.

Audit-ready

Even before audit pages exist, keep the model clean.