Open
Labels
enhancement
Description
Summary
Add multi-org tenancy support to Iris. Each tenant/organisation will have its own isolated database deployment rather than sharing a single database with tenant_id scoping.
Context
Currently Iris is a single-organisation system:
- All core data (sets, elements, diagrams, models, relationships) is globally shared across all authenticated users
- No tenant_id columns or entity-level ACLs exist
- The only per-user data is bookmarks and AI chat history
- RBAC (ADR-005) controls what users can modify, not what they can see
Approach
- Database-per-tenant isolation — each organisation gets its own dedicated database instance
- This provides strong data isolation without requiring schema changes (no tenant_id columns needed)
- Routing layer to direct requests to the correct tenant database based on authentication/org context
- Tenant provisioning and lifecycle management (create, migrate, backup, decommission)
Key considerations
- Database provisioning and migration strategy across tenant databases
- Connection pooling and resource management at scale
- Tenant-aware authentication and routing middleware
- Admin tooling for tenant lifecycle management
- Backup and disaster recovery per tenant
- Cost and operational overhead vs shared-database approaches
Status
Roadmap — not yet scheduled for implementation.
🤖 Generated with Claude Code
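A sketch of the routing layer described under "Approach", added here as an illustration and not taken from the issue or from Iris's code base. Python, in-memory SQLite, the `TenantRouter` and `UnknownTenant` names, the `org_id` field and its format are all assumptions; the point shown is resolving the database only from verified org context, failing closed on unknown tenants, and bounding open connections.

```python
import re
import sqlite3
from collections import OrderedDict

TENANT_ID = re.compile(r"[a-z0-9][a-z0-9-]{1,30}")  # assumed org id format


class UnknownTenant(Exception):
    """The org context does not map to a provisioned tenant database."""


class TenantRouter:
    def __init__(self, registry, max_open=2):
        self._registry = dict(registry)  # org_id -> database location
        self._open = OrderedDict()       # LRU cache of open connections
        self._max_open = max_open

    def connection_for(self, auth_context):
        # org_id is taken from the verified session or token claims, never
        # from a client-controlled header or query parameter.
        org = auth_context.get("org_id")
        if not isinstance(org, str) or not TENANT_ID.fullmatch(org):
            raise UnknownTenant("missing or malformed org_id")
        if org not in self._registry:    # fail closed: no default database
            raise UnknownTenant(org)
        if org in self._open:
            self._open.move_to_end(org)
            return self._open[org]
        while len(self._open) >= self._max_open:  # bound open connections
            _, oldest = self._open.popitem(last=False)
            oldest.close()
        conn = sqlite3.connect(self._registry[org])
        self._open[org] = conn
        return conn

    def open_tenants(self):
        return list(self._open)


def demo():
    # Constructed tenants; every ":memory:" connection is a separate database.
    router = TenantRouter({t: ":memory:" for t in ("acme", "globex", "initech")})
    for org in ("acme", "globex"):
        router.connection_for({"org_id": org}).execute("CREATE TABLE elements (name TEXT)")
    router.connection_for({"org_id": "acme"}).execute("INSERT INTO elements VALUES ('acme-diagram')")
    globex_rows = router.connection_for({"org_id": "globex"}).execute("SELECT name FROM elements").fetchall()
    acme_rows = router.connection_for({"org_id": "acme"}).execute("SELECT name FROM elements").fetchall()
    router.connection_for({"org_id": "initech"})  # third tenant evicts the least recently used
    return acme_rows, globex_rows, router.open_tenants()
```

Because the in-memory databases vanish on close, eviction here discards data; a real deployment would point the registry at persistent per-tenant instances.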