Tenant Isolation
How Ever Gauzy ensures complete data isolation between tenants.
Overviewโ
Multi-tenancy in Gauzy uses row-level isolation โ all entities include a tenantId column, and all queries are automatically filtered by the current user's tenant.
Isolation Layersโ
Layer 1: JWT Tokenโ
The JWT token contains the user's tenantId. This is validated on every request.
Layer 2: TenantPermissionGuardโ
The TenantPermissionGuard extracts the tenant from the JWT and sets it in the RequestContext.
Layer 3: Base Entity Classesโ
All entities extend TenantBaseEntity which includes:
class TenantBaseEntity {
@Column()
tenantId: string;
@ManyToOne(() => Tenant)
tenant: Tenant;
}
Layer 4: Service Layerโ
TenantAwareCrudService automatically appends tenantId to all queries:
findAll(filter) {
// Automatically adds: WHERE tenantId = currentTenantId
return super.findAll({
...filter,
where: { ...filter.where, tenantId: RequestContext.currentTenantId() }
});
}
Cross-Tenant Protectionโ
| Protection | Mechanism |
|---|---|
| Read isolation | Automatic WHERE clause |
| Write isolation | TenantId injected on create |
| Update/Delete isolation | Ownership validation |
| Relation traversal | Tenant-scoped joins |
| Public endpoints | No tenant context (read-only) |
Testing Tenant Isolationโ
When developing new features, always verify:
- User A (Tenant 1) cannot read User B's (Tenant 2) data
- Cross-tenant IDs in requests are rejected
- Public endpoints don't leak tenant-specific data
Related Pagesโ
- API Security Best Practices โ API security
- Multi-Tenancy Architecture โ architecture overview