6.1.2 Developer Guide — Architecture — Organization Scoping — Model Isolation
Organization scoping provides an additional isolation layer within a tenant by ensuring that all models and queries are bound to a specific organization context. This allows multiple organizations to operate safely within the same tenant while maintaining strict separation of data and actions.
Organizational Context
An organization represents a logical boundary inside a tenant. All user actions are executed within an active organization context resolved at runtime.
Context resolution sources:
Authenticated user membership
Explicit organization selection
Request-scoped context binding
Once resolved, the organization context is immutable for the duration of the request.
Model Scoping Strategy
Models that store organization-owned data are automatically scoped by an organization identifier. Queries executed without a valid organization context are rejected.
Scoping characteristics:
Mandatory organization_id column
Automatic query constraints
No implicit global access
Example scoped model:
class Content extends Model { use OrganizationScoped; }
Query Enforcement
Organization scoping is enforced at the query layer to prevent accidental or malicious cross-organization access.
Enforcement rules:
organization_id injected into all queries
Writes validated against active context
Reads filtered deterministically
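One way a trait like OrganizationScoped could implement the scoping and enforcement rules above, using an Eloquent global scope and a saving hook. This is an added sketch, not the project's own code: it assumes currentOrganizationId() returns null when no context is resolved and that ids are integers, and the namespace, OrganizationScope and OrganizationScopeViolation are hypothetical names.

```php
<?php
// Added sketch, not the project's trait. Assumes Laravel Eloquent and that the
// page's currentOrganizationId() helper returns int|null (null = no context).
namespace App\Models\Concerns; // hypothetical namespace

use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;
use RuntimeException;

// Hypothetical exception type for a missing or violated organization scope.
class OrganizationScopeViolation extends RuntimeException {}

// Global scope: constrains every query built on a scoped model.
class OrganizationScope implements Scope
{
    public function apply(Builder $builder, Model $model): void
    {
        $orgId = \currentOrganizationId();
        if ($orgId === null) {
            // Reject instead of silently falling back to an unscoped query.
            throw new OrganizationScopeViolation('No active organization context.');
        }
        // Qualify the column so the constraint stays unambiguous in joins.
        $builder->where($model->qualifyColumn('organization_id'), $orgId);
    }
}

trait OrganizationScoped
{
    // Eloquent calls boot<TraitName>() once for each model class using the trait.
    public static function bootOrganizationScoped(): void
    {
        static::addGlobalScope(new OrganizationScope());

        // Validate writes against the active context before they reach the database.
        static::saving(function (Model $model): void {
            $orgId = \currentOrganizationId();
            if ($orgId === null) {
                throw new OrganizationScopeViolation('Write attempted without organization context.');
            }
            // Rows without an owner inherit the active organization; any other value must match it.
            $model->organization_id ??= $orgId;
            if ((int) $model->organization_id !== (int) $orgId) {
                throw new OrganizationScopeViolation('Write targets another organization.');
            }
        });
    }
}
```

Bulk updates issued through the query builder do not fire model events, so only the constraint added by the global scope applies to them.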
Example enforcement:
Content::where('organization_id', currentOrganizationId())->get();
Relationship Handling
Relationships between models respect organization boundaries. Cross-organization relations are not permitted unless explicitly designed and validated.
Relationship guarantees:
Parent and child share organization scope
Joins enforce matching organization_id
Eager loading remains scoped
Background Jobs and Async Tasks
Asynchronous jobs carry organization context explicitly. Jobs cannot execute without a resolved organization scope.
Example job dispatch:
dispatch(new ProcessContentJob($contentId, $organizationId));
Error Handling and Safety
Requests missing or violating organization scope fail fast with explicit errors. Silent fallback behavior is not allowed.
Failure guarantees:
Deterministic authorization errors
No partial execution
Logged violations
Auditing and Traceability
Organization scope is included in audit logs and analytics events to support traceability.
Example audit entry:
AuditLog::record('content.updated', [ 'organization_id' => currentOrganizationId() ]);
Security and Isolation
Organization scoping complements tenant isolation. Even within the same tenant, organizations cannot read or mutate each other’s data. Enforcement occurs server-side and cannot be bypassed by client input.