Multi-Schema Tenancy
Database-level tenant isolation strategies.
Tenant Isolation Models
| Model | Description | Isolation | Complexity |
|---|---|---|---|
| Shared Schema | All tenants in one DB | Low | Low |
| Schema per Tenant | Separate schema per tenant | Medium | Medium |
| DB per Tenant | Separate database | High | High |
Gauzy's Approach: Shared Schema with Row-Level Security
Gauzy uses a shared schema model with tenantId on every entity:
```typescript
export abstract class TenantBaseEntity extends BaseEntity {
  @MultiORMColumn()
  tenantId: string;

  @MultiORMManyToOne(() => Tenant)
  tenant: Tenant;
}
```
Automatic Tenant Filtering
Every query is automatically scoped to the current tenant via:
- TenantPermissionGuard: extracts tenantId from JWT
- RequestContext: stores tenant info for the request lifecycle
- Service base class: applies tenant filter to all queries
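```typescript
// In TenantAwareCrudService
async findAll(filter: any): Promise<IPagination<T>> {
  // Tenant ID comes from the request context, not from the caller's filter
  const tenantId = RequestContext.currentTenantId();
  return super.findAll({
    ...filter,
    // tenantId is spread last, so a tenantId in filter.where is overwritten
    where: { ...filter.where, tenantId },
  });
}
```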
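The filter merge above, extended to cases the snippet does not cover, as an added example that is not Gauzy's code: `scopeToTenant`, `FindFilter` and `TenantWhere` are hypothetical names. It assumes the filter may carry an array-valued `where` (OR-ed branches, as TypeORM-style find options allow) and that the tenant ID may be missing from the request context.

```typescript
// Added example: scopeToTenant, FindFilter and TenantWhere are hypothetical names.
type TenantWhere = Record<string, unknown>;
interface FindFilter {
  where?: TenantWhere | TenantWhere[];
  [key: string]: unknown;
}

function scopeToTenant(filter: FindFilter | undefined, tenantId: string | undefined): FindFilter {
  // Fail closed: a where key whose value is undefined may be dropped by the
  // ORM instead of matching nothing, which would remove the tenant condition.
  if (typeof tenantId !== 'string' || tenantId.length === 0) {
    throw new Error('No tenant ID in request context');
  }
  const where = filter?.where;
  // An array-valued where is a list of OR-ed branches. Each branch needs its
  // own tenant condition; an empty list is treated as one empty branch.
  const branches: TenantWhere[] = Array.isArray(where)
    ? (where.length > 0 ? where : [{}])
    : [where ?? {}];
  // tenantId is spread last, so a value supplied by the caller is overwritten.
  const scoped = branches.map((branch) => ({ ...branch, tenantId }));
  return { ...filter, where: Array.isArray(where) ? scoped : scoped[0] };
}

// Constructed input: a client-supplied filter that names another tenant.
const sampleFilter: FindFilter = {
  where: [{ tenantId: 't-B' }, { name: 'Ann' }],
  take: 10,
};
console.log(JSON.stringify(scopeToTenant(sampleFilter, 't-A')));
```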
PostgreSQL Row-Level Security (Advanced)
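For additional database-level enforcement, a row-level security policy can compare each row's tenant_id with the app.tenant_id setting, which the application must set on the connection before it queries. PostgreSQL does not apply policies to the table owner unless row-level security is forced on the table, and superusers and roles with BYPASSRLS always bypass them, so the application should connect as a separate, non-owner role: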
```sql
ALTER TABLE employee ENABLE ROW LEVEL SECURITY;

CREATE POLICY tenant_isolation ON employee
  USING (tenant_id = current_setting('app.tenant_id')::uuid);
```
Cross-Tenant Queries (Admin)
A super admin can query across tenants:
```typescript
if (RequestContext.hasRole(RolesEnum.SUPER_ADMIN)) {
  // Skip tenant filter
  return super.findAll(filter);
}
```
Related Pages
- Multi-Tenant Data Flow: tenant flow
- Entity Inheritance: base entities
- Guard System: tenant guards