Multi-tenancy Architecture

Our system implements a multi-tenant architecture using a Shared Database with Discriminators approach.

Hierarchical Structure

The system is organized into a four-tier hierarchy to provide maximum flexibility for large organizations:

1. Company (Top Level)

Represents the legal entity or the main account. Billing, global users, and high-level policies are defined here.

2. Tenant (Isolation Unit)

A logical grouping within a company. Often used for different business units, departments, or project groups.

3. Catalog (Collection of Services)

A grouping of APIs and services. Catalogs allow for organizing resources by business domain or functional area.

4. Environment (Deployment Stage)

A specific runtime environment (e.g., Development, Staging, Production). Resources like Endpoints are ultimately deployed to an Environment within a Catalog.

Data Isolation

Every table in the PostgreSQL database contains a company_id (and often a tenant_id) column. The BaseController in the backend enforces isolation by:

  • Extracting the authorized company_id from the user's JWT.
  • Validating that any requested ID belongs to the user's active company.
  • Applying automatic filters to all outgoing SQL queries.
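
The three steps above, shown as an added Python example that is not the project's own BaseController code. It assumes an HS256-signed token carrying a company_id claim and uses an in-memory SQLite table in place of PostgreSQL; the names ScopedDB, company_from_jwt, sign and demo_db are hypothetical, and expiry and audience checks are left out.

```python
import base64, hashlib, hmac, json, sqlite3

SECRET = b"constructed-demo-key"   # assumption: HS256 shared secret, constructed for the demo
TABLES = {"endpoints"}             # allowlist: table names never come from user input

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(claims):
    """Issue a constructed HS256 token for the demo."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def company_from_jwt(token):
    """Step 1: return company_id only after the alg and signature check out."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, b64d(sig)):
        raise PermissionError("bad signature")
    return int(json.loads(b64d(body))["company_id"])

class ScopedDB:
    """Steps 2 and 3: every query issued here carries the company_id filter."""
    def __init__(self, conn, token):
        self.conn, self.company_id = conn, company_from_jwt(token)

    def get(self, table, row_id):
        if table not in TABLES:
            raise ValueError("unknown table")
        cur = self.conn.execute(
            f"SELECT id, name FROM {table} WHERE id = ? AND company_id = ?",
            (row_id, self.company_id))
        return cur.fetchone()  # None for a missing row and for another company's row

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE endpoints (id INTEGER PRIMARY KEY, company_id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO endpoints VALUES (?, ?, ?)",
                     [(1, 10, "billing-api"), (2, 20, "hr-api")])  # constructed rows
    return conn
```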

Role-Based Access Control (RBAC)

Users can have different roles in different companies. A user might be a Global Admin in Company A but only a Read-Only user in Company B.

  • Global Admin: Administrative access to all resources within a specific company.
  • User: Custom permissions based on resource types (Read/Write/Admin).