Published Jun 30, 2026 · 1 min read
A case study on tenant-scoped architecture, permissions, and auditability for Moroccan payroll workflows.
Problem
Generafi needs shared infrastructure economics while keeping each tenant's payroll, permissions, and audit history isolated.
Approach
Tenant-scoped data access, explicit permission checks, and auditable rule versions at the database and application boundaries.
The product needs the economics of a shared platform, but payroll data demands strict isolation. That makes tenant identity a core data-model concern, not just a session property.
Risk
Application-only filtering is too easy to bypass accidentally. Tenant scope needs to be visible at every boundary where data is queried or mutated.
The architecture keeps tenant identifiers attached to domain records, scopes queries by tenant, and treats audit events as part of the product experience.
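As an added illustration (not Generafi's code), the following Python binds tenant scope when the data-access object is created, checks a permission before each operation, and writes the audit event in the same transaction as the mutation. The table names, the role map, the `TenantScope` class, and the `rule_version` column are assumptions made for the example, and the rows are constructed sample data.

```python
import sqlite3
# Hypothetical schema: every domain row and audit row carries tenant_id.
SCHEMA = """
CREATE TABLE payslips (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,
                       employee TEXT NOT NULL, net REAL NOT NULL);
CREATE TABLE audit_events (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,
    actor TEXT NOT NULL, action TEXT NOT NULL, record_id INTEGER NOT NULL,
    rule_version TEXT NOT NULL);
"""
# Hypothetical role-to-permission map.
PERMISSIONS = {"payroll_admin": {"payslip:read", "payslip:update"},
               "viewer": {"payslip:read"}}

class TenantScope:
    """Data access bound to one tenant at construction, not per query."""
    def __init__(self, db, tenant_id, actor, role):
        self.db, self.tenant_id, self.actor, self.role = db, tenant_id, actor, role

    def _require(self, permission):
        if permission not in PERMISSIONS.get(self.role, set()):
            raise PermissionError(f"{self.role} lacks {permission}")

    def list_payslips(self):
        self._require("payslip:read")
        return self.db.execute(
            "SELECT id, employee, net FROM payslips WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,)).fetchall()

    def update_net(self, payslip_id, net, rule_version):
        self._require("payslip:update")
        with self.db:  # mutation and audit event commit or roll back together
            cur = self.db.execute(
                "UPDATE payslips SET net = ? WHERE id = ? AND tenant_id = ?",
                (net, payslip_id, self.tenant_id))
            if cur.rowcount != 1:  # wrong tenant looks identical to a missing row
                raise LookupError("payslip not found in this tenant")
            self.db.execute(
                "INSERT INTO audit_events (tenant_id, actor, action, record_id,"
                " rule_version) VALUES (?, ?, 'payslip:update', ?, ?)",
                (self.tenant_id, self.actor, payslip_id, rule_version))

def demo_db():
    """Constructed sample data: two tenants sharing one database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO payslips (tenant_id, employee, net) VALUES (?, ?, ?)",
                   [("tenant-a", "emp-1", 9000.0), ("tenant-b", "emp-2", 7000.0)])
    db.commit()
    return db
```

Because the tenant predicate is part of the `UPDATE` itself, a request for another tenant's record id changes no rows and leaves no audit event behind.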