Universal Tenant Model (UTM)
Every Cavaridge™ suite uses the same multi-tenant primitive: a shared tenants table, six tenant types, and three enforcement layers.
The 6 tenant types
| Type | Hierarchy |
|---|---|
| platform | root |
| msp | child of platform |
| client | child of msp (or platform) |
| site | child of client |
| prospect | child of platform |
| individual | child of platform |
Three enforcement layers
- DB (RLS) — every tenant-scoped table has `tenant_id` FK + RLS policy via `auth.tenant_visible()`.
- API (middleware) — every route wraps in `tenantGuard()` from `@cavaridge/auth/server`.
- UI (provider) — every customer-facing app wraps in `<TenantProvider>` from `@cavaridge/auth/client`.
Pitfalls
- Don’t define an app-local `tenants` table — always FK to the shared one.
- Don’t read `tenant_id` from request body — resolve via `tenantGuard`.
- Don’t bypass RLS in scripts unless verifiably-scoped.
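The API-layer rule and the request-body pitfall above, as an added example that is not Cavaridge code: a stand-in guard that takes tenant context from the authenticated session and never reads `tenant_id` from the body. `guard`, `tenantVisible`, the sample rows and the rule that a caller sees only its own tenant and its descendants are assumptions, not the behaviour of the real `tenantGuard()` or `auth.tenant_visible()`.

```javascript
// Added illustration; guard() and tenantVisible() are hypothetical names.
// Constructed rows standing in for the shared tenants table.
const TENANTS = [
  { id: "plat", type: "platform", parent_id: null },
  { id: "msp-a", type: "msp", parent_id: "plat" },
  { id: "msp-b", type: "msp", parent_id: "plat" },
  { id: "client-a1", type: "client", parent_id: "msp-a" },
  { id: "site-a1x", type: "site", parent_id: "client-a1" },
  { id: "client-b1", type: "client", parent_id: "msp-b" },
];
const byId = new Map(TENANTS.map((t) => [t.id, t]));

// Assumed visibility rule: a caller sees its own tenant and its descendants.
function tenantVisible(callerTenantId, targetTenantId) {
  const seen = new Set(); // stops the walk if parent_id ever forms a cycle
  for (let t = byId.get(targetTenantId); t && !seen.has(t.id); t = byId.get(t.parent_id)) {
    if (t.id === callerTenantId) return true;
    seen.add(t.id);
  }
  return false;
}

// Stand-in guard: tenant context comes from the authenticated session only.
function guard(handler) {
  return (req) => {
    const callerTenant = req.session && req.session.tenantId;
    if (!callerTenant || !byId.has(callerTenant)) return { status: 401 };
    // A target named in the URL is authorized against the hierarchy, never trusted.
    const target = (req.params && req.params.tenantId) || callerTenant;
    if (!tenantVisible(callerTenant, target)) return { status: 403 };
    // req.body.tenant_id is deliberately never read.
    return handler({ ...req, tenantId: target });
  };
}

const listAssets = guard((req) => ({ status: 200, scope: req.tenantId }));

// Constructed requests from a session that belongs to msp-a.
function demo() {
  const session = { tenantId: "msp-a" };
  return {
    own: listAssets({ session, body: {} }),
    spoofedBody: listAssets({ session, body: { tenant_id: "client-b1" } }),
    descendant: listAssets({ session, params: { tenantId: "site-a1x" } }),
    sibling: listAssets({ session, params: { tenantId: "client-b1" } }),
    anonymous: listAssets({ body: { tenant_id: "plat" } }),
  };
}
console.log(JSON.stringify(demo()));
```

The spoofed body value has no effect on the resolved scope, and a guard like this complements the RLS layer rather than replacing it.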
Cross-references
- RBAC — the role layer above tenancy
- Multi-tenancy patterns — code examples