Organisation Data Isolation Guard
Component Detail
Description
Middleware utility that enforces organisation-scoped row-level security on all summary-related Supabase queries. Ensures that summary generation, retrieval, and aggregation never leak data across organisation boundaries.
org-data-isolation-guard
Summaries
The Organisation Data Isolation Guard is a foundational trust and compliance safeguard that ensures no organisation can ever access another organisation's summary data. In regulated environments and multi-tenant SaaS platforms, data leakage between client accounts represents one of the most damaging business risks — carrying potential legal liability, regulatory fines, and irreversible reputational damage. By enforcing organisation-scoped boundaries at the query level, this component directly protects revenue retention, enterprise contract renewals, and customer trust. It is a non-negotiable prerequisite for selling to enterprise and public sector clients who require data segregation as part of procurement due diligence.
The Organisation Data Isolation Guard is a shared backend utility with low internal complexity that must be delivered early in the project timeline, as it is a foundational dependency for all summary-related query work. Its placement as a shared infrastructure component means it blocks any feature that performs cross-organisational data retrieval, so it must be scoped into the earliest sprint alongside database setup. Testing requirements include unit tests for each guard function, integration tests verifying that the organisation_id filter is injected into every summary query, and negative-path tests confirming that leakage is blocked. Deployment is straightforward as a backend-only utility with no UI, reducing rollout risk significantly.
The Organisation Data Isolation Guard is a backend service utility implementing row-level security enforcement for all Supabase summary queries. It exposes three core interfaces: `withOrgScope(query, organisationId)` injects an `organisation_id` filter into any Supabase query builder before execution; `validateOrgMembership(userId, organisationId)` performs a database lookup to confirm the requesting user belongs to the target organisation; and `assertIsolation(queryBuilder)` throws if a query builder lacks the required scope filter. It has no external dependencies, making it a pure utility layer. Integration pattern: wrap every summary-related Supabase query through `withOrgScope` at the service boundary, never at the repository level directly.
All blocked queries must be logged for audit trail purposes.
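The three interfaces and the audit requirement above, as an added TypeScript example that is not the project's own code: a fake in-memory query builder stands in for supabase-js (synchronous here, where the real client is async), and the table names organisation_members and summaries, the sample rows and the in-memory auditLog are assumptions.

```typescript
// Added example, not the project's code. FakeQueryBuilder stands in for the
// supabase-js builder (which chains .from().select().eq() and is async); it is
// synchronous here so the guard logic runs offline.
type Row = Record<string, string>;
class FakeQueryBuilder {
  readonly filters: { column: string; value: string }[] = [];
  constructor(readonly table: string, private readonly rows: Row[]) {}
  eq(column: string, value: string): this {
    this.filters.push({ column, value });
    return this;
  }
  execute(): Row[] {
    return this.rows.filter((r) => this.filters.every((f) => r[f.column] === f.value));
  }
}
// Constructed sample tables (names are assumptions) and an in-memory audit sink.
const memberships: Row[] = [{ user_id: 'u1', organisation_id: 'org-a' }, { user_id: 'u2', organisation_id: 'org-b' }];
const summaries: Row[] = [{ id: 's1', organisation_id: 'org-a' }, { id: 's2', organisation_id: 'org-b' }];
const auditLog: string[] = [];
// Inject the organisation_id filter into any builder before it executes.
function withOrgScope<T extends FakeQueryBuilder>(query: T, organisationId: string): T {
  return query.eq('organisation_id', organisationId);
}
// Look up whether the requesting user belongs to the target organisation.
function validateOrgMembership(userId: string, organisationId: string): boolean {
  const q = new FakeQueryBuilder('organisation_members', memberships)
    .eq('user_id', userId)
    .eq('organisation_id', organisationId);
  return q.execute().length > 0;
}
// Throw (and audit-log) if the builder carries no non-empty organisation_id filter.
function assertIsolation(queryBuilder: FakeQueryBuilder): void {
  const scoped = queryBuilder.filters.some((f) => f.column === 'organisation_id' && f.value !== '');
  if (!scoped) {
    auditLog.push(`blocked: unscoped query on ${queryBuilder.table}`);
    throw new Error(`query on ${queryBuilder.table} lacks organisation_id scope`);
  }
}
// Service-boundary pattern: check membership, scope the query, assert, execute.
function listSummaries(userId: string, organisationId: string): Row[] {
  if (!validateOrgMembership(userId, organisationId)) {
    auditLog.push(`blocked: ${userId} is not a member of ${organisationId}`);
    throw new Error('user is not a member of the target organisation');
  }
  const q = withOrgScope(new FakeQueryBuilder('summaries', summaries), organisationId);
  assertIsolation(q);
  return q.execute();
}
```

Calling `listSummaries` for a user outside the target organisation, or `assertIsolation` on a builder that never went through `withOrgScope`, both throw and leave an entry in the audit sink.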
Responsibilities
- Inject organisation_id filter into all summary queries
- Validate that the requesting user belongs to the target organisation
- Log and block any query attempted without a valid organisation scope
Interfaces
withOrgScope(query, organisationId)
validateOrgMembership(userId, organisationId)
assertIsolation(queryBuilder)
Related Data Entities (2)
Data entities managed by this component