What does tenant-scoped querying mean?

It means every data retrieval must filter by the current tenantId to prevent cross-tenant access.

How can I ensure every index includes tenantId?

Define index schemas that incorporate tenantId and enforce migrations that update existing indexes accordingly.

What is tenant-aware encryption?

Keys are bound to individual tenants and managed by a KMS, so only authorized tenants and services can decrypt their data.

data-isolation-principles

npx machina-cli add skill tomkraaij/ai-skills-librarian/data-isolation-principles --openclaw

Files (1)

SKILL.md

382 B

Data Isolation Principles

Principles:

Every query must be tenant-scoped.
Every index should include tenantId.
Encryption keys must be tenant-aware.

Source

git clone https://github.com/tomkraaij/ai-skills-librarian/blob/main/fixtures/manual-tests/org-skills/skills/data-isolation-principles/SKILL.md

View on GitHub

Overview

Data Isolation Principles define how to keep tenant data separate in multi-tenant systems. They focus on scoping queries, indexing with tenant identifiers, and using tenant-aware encryption keys to prevent cross-tenant access. Following them supports security and regulatory compliance.

How This Skill Works

The principles mandate tenant-scoped queries, ensuring data access is filtered by tenantId. They require every index to include tenantId for efficient, isolated lookups, and encryption keys to be tenant-aware to prevent cross-tenant decryption. Practically, implement a tenantId filter in queries, extend indexes with tenantId, and manage keys per tenant with proper access controls.

When to Use It

Designing or auditing a multi-tenant database schema and access controls
Onboarding new tenants with isolated data boundaries
Strengthening security and compliance in a SaaS application
Investigating data access patterns and establishing tenant-specific auditing
Refactoring or migrating data to enforce stronger data isolation

Quick Start

Step 1: Add a tenantId field to all data models and ensure all queries filter by the current tenantId
Step 2: Extend or create indexes to include tenantId and verify query plans use them
Step 3: Implement tenant-aware encryption keys and enforce per-tenant key access via your KMS

Best Practices

Always scope every query by tenantId to prevent cross-tenant data leakage
Include tenantId in every index to support efficient tenant-scoped lookups
Use tenant-aware encryption keys managed by a robust KMS
Enforce tenant context at the application layer and in data-access services
Regularly review access logs and key usage for anomalous, cross-tenant activity

Example Use Cases

A SaaS CRM ensures all data queries include a tenantId filter, isolating customer data by tenant
Indexes are defined with tenantId to enable fast, tenant-scoped queries
Encryption keys are bound to each tenant and retrieved via a tenant-aware KMS
Audit logs show only tenant-scoped data access and no cross-tenant reads
Tenant onboarding includes migrations that append tenantId to existing records and update access controls

Frequently Asked Questions

Add this skill to your agents