
tenant-security-review-copy

npx machina-cli add skill tomkraaij/ai-skills-librarian/tenant-security-review-copy --openclaw
Files (1)
SKILL.md
476 B

Tenant Security Review

Use this checklist to review tenant isolation controls:

  • Data isolation
  • Auth boundaries
  • Rate limiting
  • Audit trails

Steps

  1. Validate tenant-scoped queries.
  2. Validate authorization checks.
  3. Check for cross-tenant cache leaks.

Source

git clone https://github.com/tomkraaij/ai-skills-librarian/blob/main/fixtures/manual-tests/team-platform/skills/tenant-security-review-copy/SKILL.md

Overview

Tenant Security Review provides a focused checklist to verify tenant isolation controls in multi-tenant environments. It covers data isolation, authorization boundaries, rate limiting, and audit trails, helping you identify security gaps and ensure adherence to your baseline. This copy mirrors the org baseline to test hash duplicates.

How This Skill Works

The skill guides reviewers through three core checks: tenant-scoped queries, authorization checks, and cross-tenant cache leaks. Review each control area against the baseline, then document findings and remediation steps to close gaps.
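The cross-tenant cache leak check described above can be automated as a probe that warms a cache as one tenant and reads it as another. This is an added example, not code from the skill or its repository; the cache classes, `load_invoice`, `find_cache_leaks`, the tenant names and the sample rows are all hypothetical.

```python
# Added example: all class, function and tenant names are hypothetical,
# and DB is constructed sample data.

class UnscopedCache:
    """Weak: the cache key is built from the resource id alone."""
    def __init__(self):
        self._store = {}

    def key(self, tenant_id, resource_id):
        return f"invoice:{resource_id}"

    def get_or_load(self, tenant_id, resource_id, loader):
        k = self.key(tenant_id, resource_id)
        if k not in self._store:
            self._store[k] = loader(tenant_id, resource_id)
        return self._store[k]


class TenantScopedCache(UnscopedCache):
    """Corrected: the tenant id is part of every key."""
    def key(self, tenant_id, resource_id):
        return f"tenant:{tenant_id}:invoice:{resource_id}"


# Constructed rows: both tenants own an invoice with id 1.
DB = {
    ("acme", 1): {"tenant_id": "acme", "total": 120},
    ("acme", 2): {"tenant_id": "acme", "total": 75},
    ("globex", 1): {"tenant_id": "globex", "total": 990},
}


def load_invoice(tenant_id, resource_id):
    # Tenant-scoped query: the lookup is by (tenant, id), never by id alone.
    return DB.get((tenant_id, resource_id))


def find_cache_leaks(cache, tenants, resource_ids):
    """Warm the cache as each tenant, then read as each tenant and
    report (reader, resource_id, owner) where the owner is someone else."""
    for tenant in tenants:
        for rid in resource_ids:
            cache.get_or_load(tenant, rid, load_invoice)
    leaks = []
    for reader in tenants:
        for rid in resource_ids:
            row = cache.get_or_load(reader, rid, load_invoice)
            if row is not None and row["tenant_id"] != reader:
                leaks.append((reader, rid, row["tenant_id"]))
    return leaks
```

The database query here is correctly tenant-scoped, yet the unscoped cache still serves one tenant's rows to the other, which is why the cache needs its own check.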

When to Use It

  • During onboarding of a new multi-tenant deployment
  • As part of regular security baselines and audits
  • When validating tenant-scoped queries and access controls
  • Before deploying features that span multiple tenants
  • During incident reviews for potential cross-tenant leakage

Quick Start

  1. Open the Tenant Security Review checklist
  2. Validate data isolation, auth boundaries, rate limits, and audit trails
  3. Record findings and plan remediations

Best Practices

  • Cross-check data isolation in both DB and caches
  • Validate tenant-scoped queries against all tenants
  • Always verify authorization checks for tenant boundaries
  • Ensure rate limits apply per tenant and log violations
  • Document findings with remediation steps and owner

Example Use Cases

  • Identified cross-tenant cache leaks exposing data between tenants
  • Detected missing tenant-scoped queries allowing over-broad data access
  • Auth boundary gaps enabling tenant escalation during a test
  • Sign-in audit trails lacked tenant IDs in logs
  • Baseline deviation found when comparing to org standard
