Story: Tenancy foundation
Table of Contents
This page documents a story in Sprint 11. It captures the goal, current status, acceptance criteria, and the tasks that compose it.
Goal
Lay multi-tenant support at the schema and seeding layer, with the trigger machinery that lets existing C++ code 'just work'.
Status
| Field | Value |
|---|---|
| State | DONE |
| Parent sprint | Sprint 11 |
| Now | Completed 2026-02-01. |
| Waiting on | None. |
| Next | None. |
| Last touched | 2026-02-01 |
Acceptance
- Tenant tables (types, statuses, tenants) in place.
tenant_idon ~70 entity tables; unique indexes + tenant_id indexes updated.- All INSERT triggers validate via
ores_iam_validate_tenant_fn. - All upsert + populate functions scoped to system tenant.
- BEFORE INSERT triggers auto-populate
tenant_idfrom session. - Test users default to the system tenant.
Tasks
| Task | State | Start | End | Description |
|---|---|---|---|---|
| Initial tenant setup (schema) | DONE | 2026-05-19 | 2026-02-01 | ores_iam_tenant_types_tbl + tenant_statuses + tenants (bitemporal); tenant_id on ~70 entity tables; unique indexes + tenant_id-indexes; ores_iam_validate_tenant_fn on all relevant INSERT triggers; SuperAdmin + TenantAdmin roles; system tenant UUID; session.tenant_id lookup. |
| Tenancy and seeding | DONE | 2026-05-19 | 2026-02-01 | All populate scripts pass ores_iam_system_tenant_id_fn() as the first upsert parameter so foundational data is scoped to the system tenant. |
| Tenancy, login and tests | DONE | 2026-05-19 | 2026-02-01 | BEFORE INSERT triggers populate tenant_id from session variable; ores_iam_validate_tenant_fn coalesces with current session tenant; ores_test_ddl/dml_user default tenant set to system tenant; database_helper::set_system_tenant_context(). |
Decisions
- System tenant is a real row
- gives a stable target for platform-level data and seed code paths.
- Triggers populate tenant_id from session variable
- keeps the pre-existing C++ code working without per-call audits.
Out of scope
- RLS policies (handled in the test-isolation story).
- C++ tenant entity (handled in the codegen story).
See also
- ores.iam — owns the tenancy schema.