Workspace / Tenant Separation
Audience: Admin / Security-minded users
Page Type: Concept
Summary: COS can host multiple companies/workspaces on the same platform. Each workspace’s data is kept separate from other workspaces.
What this page covers
- What “workspace/tenant separation” means in practice
- Which data is separated by workspace
- What to do if you suspect cross-workspace data exposure
This page intentionally avoids low-level implementation details.
What is a workspace/tenant?
In COS, a workspace/tenant is typically the boundary for a single company (or a dedicated workspace inside a larger group). This boundary ensures users only see data that belongs to their workspace.
Tenant Groups (Holding / Multi-Company)
Every tenant in COS belongs to a Tenant Group. A Tenant Group is a container that groups multiple tenants — commonly used for holding companies or consulting providers managing several clients.
Tenant Group roles
| Role | What they can do |
|---|---|
| GROUP_ADMIN | Full access to business data across all tenants in the group; can manage users |
| GROUP_MEMBER | View access across tenants in the group (reserved for future use) |
Key points:
- A GROUP_ADMIN can switch between tenants within their group without needing separate credentials.
- Group-level access does not automatically grant tenant-level Admin rights — access is governed by the layer model in Roles & Permissions.
- Data remains isolated between tenants even within the same group; GROUP_ADMIN visibility is explicitly granted, not a bypass of isolation.
What data is separated?
- Users and roles
- Organization structure
- Strategic cycles
- OKRs, KPIs, initiatives
- Reports and dashboards
- Audit log records
What should I do if I suspect an issue?
If you suspect “I can see another workspace’s data”:
- Capture screenshots and timestamps
- Note the user account and role
- Report it to Support and treat it as a security incident