Data Isolation
Understand how bVAT ensures complete data isolation between tenants. Learn about tenant data separation, security measures, and how the multi-tenant architecture works.
Introduction
Data isolation is a fundamental security feature of bVAT's multi-tenant architecture. It ensures that each tenant's data is completely separate and inaccessible to other tenants, even when they share the same database infrastructure.
This isolation is enforced at multiple levels:
- Application Level: Tenant context middleware filters all requests
- Database Level: Row-level security and tenant_id filtering
- User Level: Role-based access control (RBAC)
- Session Level: Secure tenant context management
How Data Isolation Works
Application Level
How It Works:
- Tenant context is established early in the request pipeline
- All database queries automatically include tenant filtering
- Users can only access data for tenants they belong to
- Tenant switching is controlled and logged
Security Benefit: Prevents cross-tenant data access at the application level
Database Level
How It Works:
- Every data table includes a tenant_id column
- Database queries are automatically filtered by tenant
- Foreign key constraints ensure data integrity
- Cascade deletes maintain isolation when tenants are removed
Security Benefit: Database-level protection prevents data leakage even if application logic fails
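The following is an added example, not bVAT's own schema or code, showing the database-level pattern described above in a self-contained SQLite script: every data table carries a tenant_id column that references the tenants table with ON DELETE CASCADE, every query (including primary-key lookups) is filtered by tenant, and deleting a tenant removes its rows. The table names, columns and sample rows are constructed for the demonstration; the schema check at the end is an added defender's sanity test that flags any table without a tenant_id column.

```python
import sqlite3

# Constructed schema, not bVAT's own: each data table carries a tenant_id that
# references tenants(id) with ON DELETE CASCADE, as the text describes.
SCHEMA = """
CREATE TABLE tenants (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE vat_entries (
    id           INTEGER PRIMARY KEY,
    tenant_id    INTEGER NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
    kind         TEXT NOT NULL CHECK (kind IN ('input', 'output')),
    amount_pence INTEGER NOT NULL
);
CREATE INDEX vat_entries_tenant_idx ON vat_entries (tenant_id);
"""


def open_db():
    """Open an in-memory database with constructed sample rows for two tenants."""
    conn = sqlite3.connect(":memory:")
    # SQLite enforces foreign keys (and therefore cascades) only when this is on.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO tenants (id, name) VALUES (?, ?)",
                     [(1, "Tenant A"), (2, "Tenant B")])
    conn.executemany(
        "INSERT INTO vat_entries (tenant_id, kind, amount_pence) VALUES (?, ?, ?)",
        [(1, "input", 1000), (1, "output", 2500), (2, "input", 400)])
    conn.commit()
    return conn


class TenantScopedRepository:
    """All reads go through here, and every statement carries the tenant predicate."""

    def __init__(self, conn, tenant_id):
        self.conn = conn
        self.tenant_id = tenant_id

    def list_entries(self, kind=None):
        sql = "SELECT id, kind, amount_pence FROM vat_entries WHERE tenant_id = ?"
        params = [self.tenant_id]
        if kind is not None:
            sql += " AND kind = ?"
            params.append(kind)
        sql += " ORDER BY id"
        return self.conn.execute(sql, params).fetchall()

    def get_entry(self, entry_id):
        # A primary-key lookup still includes tenant_id: an id that belongs to
        # another tenant resolves to None instead of to that tenant's row.
        return self.conn.execute(
            "SELECT id, kind, amount_pence FROM vat_entries "
            "WHERE id = ? AND tenant_id = ?",
            (entry_id, self.tenant_id)).fetchone()


def delete_tenant(conn, tenant_id):
    """Deleting the tenant row cascades to every table that references it."""
    conn.execute("DELETE FROM tenants WHERE id = ?", (tenant_id,))
    conn.commit()


def count_entries(conn, tenant_id):
    return conn.execute("SELECT COUNT(*) FROM vat_entries WHERE tenant_id = ?",
                        (tenant_id,)).fetchone()[0]


def tables_missing_tenant_id(conn):
    """Schema check: every table except tenants itself must have a tenant_id column."""
    names = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name != 'tenants'")]
    missing = []
    for name in names:
        cols = {r[1] for r in conn.execute(f'PRAGMA table_info("{name}")')}
        if "tenant_id" not in cols:
            missing.append(name)
    return missing


if __name__ == "__main__":
    db = open_db()
    print(TenantScopedRepository(db, 1).list_entries())
    print(TenantScopedRepository(db, 2).get_entry(1))  # None: row 1 belongs to tenant 1
    delete_tenant(db, 1)
    print(count_entries(db, 1), count_entries(db, 2))
```

The point of routing every read through the repository class is that the tenant predicate cannot be forgotten by an individual handler; the schema check is the kind of test worth running in CI so that a newly added table without tenant_id is caught before it ships.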
User Level
How It Works:
- Users can belong to multiple tenants with different roles
- Each user-tenant relationship is tracked separately
- Role-based access control (RBAC) enforces permissions
- Users cannot access tenants they're not assigned to
Security Benefit: Explicit access control ensures users only see authorized tenant data
Session Level
How It Works:
- Current tenant is stored in secure cookies
- Tenant switching requires proper authentication
- Session data is tenant-specific
- Automatic tenant context attachment to all requests
Security Benefit: Session-level isolation prevents accidental cross-tenant access
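As an added example (not bVAT's code), the following script models the application, user and session levels together: a signed tenant cookie carries the current tenant, middleware resolves it at the start of the pipeline and verifies that the user is a member of that tenant, RBAC is checked against the role the user holds in that tenant only, and tenant switches are re-authorized and logged. The user directory, role table, cookie format, signing key and in-memory audit log are all constructed for the demonstration; the access_review function is an added helper for the periodic access reviews recommended under Best Practices.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed directory: user_id -> {tenant_id: role}. A real deployment would
# read the user-tenant table instead of a module-level dict.
MEMBERSHIPS = {
    "alice": {"tenant-a": "owner", "tenant-b": "viewer"},
    "bob": {"tenant-b": "accountant"},
}
ROLE_PERMISSIONS = {
    "owner": {"read", "write", "manage_users"},
    "accountant": {"read", "write"},
    "viewer": {"read"},
}
# Placeholder signing key for the demo; production uses a managed secret.
COOKIE_KEY = b"constructed-demo-key-not-for-production"

AUDIT_LOG = []  # in-memory stand-in for the audit trail


class TenantAccessError(Exception):
    pass


@dataclass
class Request:
    user_id: str
    cookies: dict = field(default_factory=dict)
    tenant_id: str = None
    role: str = None


def sign_tenant_cookie(tenant_id):
    """Cookie value is the tenant id plus an HMAC so the client cannot alter it."""
    mac = hmac.new(COOKIE_KEY, tenant_id.encode(), hashlib.sha256).hexdigest()
    return f"{tenant_id}.{mac}"


def read_tenant_cookie(cookie):
    """Return the tenant id only if the cookie's MAC verifies, else None."""
    tenant_id, _, mac = cookie.rpartition(".")
    if not tenant_id:
        return None
    expected = hmac.new(COOKIE_KEY, tenant_id.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return tenant_id


def tenant_context_middleware(request):
    """Runs first in the pipeline: resolve the tenant from the cookie, verify membership."""
    tenant_id = read_tenant_cookie(request.cookies.get("tenant", ""))
    if tenant_id is None:
        raise TenantAccessError("no valid tenant context")
    role = MEMBERSHIPS.get(request.user_id, {}).get(tenant_id)
    if role is None:
        # Deny before any handler runs; a valid cookie for a tenant the user
        # does not belong to is exactly the case this check exists for.
        AUDIT_LOG.append(("denied", request.user_id, tenant_id))
        raise TenantAccessError(f"{request.user_id} is not a member of {tenant_id}")
    request.tenant_id = tenant_id
    request.role = role
    return request


def require(request, permission):
    """RBAC check using the role the user holds in the current tenant only."""
    if permission not in ROLE_PERMISSIONS.get(request.role, set()):
        raise TenantAccessError(f"{request.role} may not {permission} in {request.tenant_id}")
    return True


def switch_tenant(request, new_tenant_id):
    """Re-check membership before issuing a new cookie, and log the switch."""
    if new_tenant_id not in MEMBERSHIPS.get(request.user_id, {}):
        AUDIT_LOG.append(("switch_denied", request.user_id, new_tenant_id))
        raise TenantAccessError(f"{request.user_id} cannot switch to {new_tenant_id}")
    AUDIT_LOG.append(("switch", request.user_id, new_tenant_id))
    return sign_tenant_cookie(new_tenant_id)


def access_review(tenant_id):
    """Who currently holds which role in a tenant, for periodic access reviews."""
    return sorted((user, roles[tenant_id])
                  for user, roles in MEMBERSHIPS.items() if tenant_id in roles)


if __name__ == "__main__":
    req = tenant_context_middleware(
        Request("alice", {"tenant": sign_tenant_cookie("tenant-a")}))
    print(req.tenant_id, req.role, require(req, "write"))
    print(access_review("tenant-b"))
```

Two design points matter here. The role is looked up per (user, tenant) pair, so alice being an owner in tenant-a grants nothing in tenant-b, where she is a viewer. And the membership check happens in the middleware rather than in each handler, so a user presenting a cookie for a tenant they do not belong to is refused before any data access code runs and the refusal is recorded.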
What Data Is Isolated
The following data types are completely isolated per tenant:
- Input VAT entries
- Output VAT entries
- VAT returns and submissions
- Period locks and filing status
- Business profile and settings
- Address and contact information
- VAT registration details
- Reporting preferences
- Team members and user assignments
- Role assignments per tenant
- User activity and audit logs
- Access permissions
- Custom reports
- Analytics data
- Export history
- Report configurations
- Subscription plans
- Billing information
- Payment history
- Usage limits and tracking
Security Features
All database queries automatically include tenant_id filtering, preventing accidental cross-tenant data access.
Users have different roles in different tenants, with permissions enforced at both application and database levels.
All data access and modifications are logged with tenant context, providing a complete audit trail.
Tenant switching requires proper authentication and is logged for security monitoring.
Even though all tenants share the same database, their data is completely separated:
Tenant A
- ✓ Can see only Tenant A data
- ✗ Cannot see Tenant B data
- ✗ Cannot see Tenant C data
Tenant B
- ✗ Cannot see Tenant A data
- ✓ Can see only Tenant B data
- ✗ Cannot see Tenant C data
Tenant C
- ✗ Cannot see Tenant A data
- ✗ Cannot see Tenant B data
- ✓ Can see only Tenant C data
Best Practices
Always verify you're working in the correct tenant before making changes. Use the tenant selector to switch if needed.
Regularly review which users have access to which tenants. Remove access promptly when users leave or no longer need it.
Each tenant's data is backed up separately. Ensure you have backups for all important tenants.
Understand that tenant isolation is a security feature. Never attempt to access data from tenants you don't belong to.
Frequently Asked Questions
Can I see data from other tenants?
No. Data isolation ensures you can only access data for tenants you're assigned to. Even if you have access to multiple tenants, you must explicitly switch between them.
What happens if I delete a tenant?
All data associated with that tenant is permanently deleted (cascade delete). This action is irreversible, so be certain before deleting a tenant.
Can data leak between tenants?
No. Multiple layers of security (application-level filtering, database constraints, and RBAC) ensure complete data isolation. The system is designed to prevent any cross-tenant data access.
How do I know which tenant I'm currently viewing?
The current tenant is displayed in the navigation bar and in the tenant selector. You can switch tenants using the tenant selector dropdown.
Can I share data between tenants?
No. Tenants are completely isolated. If you need to share data, you would need to export from one tenant and import into another manually.
- Complete Isolation: Data isolation is absolute. There is no way to access another tenant's data, even accidentally.
- Multiple Layers: Security is enforced at application, database, and session levels for defense in depth.
- Audit Trail: All data access is logged with tenant context for security monitoring and compliance.
- No Data Sharing: Tenants cannot share data directly. Export/import must be done manually if needed.