Tenant Isolation

How Ever Gauzy ensures complete data isolation between tenants.

Overview

Multi-tenancy in Gauzy uses row-level isolation — all entities include a tenantId column, and all queries are automatically filtered by the current user's tenant.

Isolation Layers

Layer 1: JWT Token

The JWT token contains the user's tenantId. This is validated on every request.

Layer 2: TenantPermissionGuard

The TenantPermissionGuard extracts the tenant from the JWT and sets it in the RequestContext.

Layer 3: Base Entity Classes

All entities extend TenantBaseEntity which includes:

class TenantBaseEntity {
  @Column()
  tenantId: string;

  @ManyToOne(() => Tenant)
  tenant: Tenant;
}

Layer 4: Service Layer

TenantAwareCrudService automatically appends tenantId to all queries:

findAll(filter) {
  // Automatically adds: WHERE tenantId = currentTenantId
  return super.findAll({
    ...filter,
    where: { ...filter.where, tenantId: RequestContext.currentTenantId() }
  });
}

Cross-Tenant Protection

Protection	Mechanism
Read isolation	Automatic WHERE clause
Write isolation	TenantId injected on create
Update/Delete isolation	Ownership validation
Relation traversal	Tenant-scoped joins
Public endpoints	No tenant context (read-only)

Testing Tenant Isolation

When developing new features, always verify:

User A (Tenant 1) cannot read User B's (Tenant 2) data
Cross-tenant IDs in requests are rejected
Public endpoints don't leak tenant-specific data

API Security Best Practices — API security
Multi-Tenancy Architecture — architecture overview

Overview​

Isolation Layers​

Layer 1: JWT Token​

Layer 2: TenantPermissionGuard​

Layer 3: Base Entity Classes​

Layer 4: Service Layer​

Cross-Tenant Protection​

Testing Tenant Isolation​

Related Pages​