Appearance
Tenant Isolation
| Backlog field | Value |
|---|---|
| Story ID | CTRL-001 |
| Epic | Cross Cutting Controls |
| Story type | Security control |
| Review status | Draft - business analyst and business owner review required |
| Source evidence | Tenant resolution, current company/branch queries, authorization filters, repositories, and API policies |
| Last source review | 2026-07-10 |
As a company administrator, I want all reads and writes isolated to my tenant/company/branch so that no user can view or change another customer's business data.
Acceptance scenarios
- Given an authenticated user, when a list/report is requested, then only authorized tenant/company/branch data is returned.
- Given an ID belonging to another tenant, when it is submitted directly, then the operation is treated as inaccessible and applies no change.
- Background jobs, imports, exports, integration events, printouts, caches, and logs preserve the same isolation.