Tenant İzolasyonu & Veri Güvenliği

Tenant izolasyonu, data güvenliği, audit log, compliance.

Audience: Admin, Security, Compliance Page Type: Concept Summary: COS multi-tenant architecture, complete data isolation, audit capabilities.

Tenant Architecture

COS Platform (Single instance)
  │
  ├─ Tenant 1 (Company A)
  │  ├─ Database rows (tenant_id = ABC123)
  │  ├─ Users (isolated)
  │  ├─ OKR data (isolated)
  │  └─ Audit log (isolated)
  │
  ├─ Tenant 2 (Company B)
  │  ├─ Database rows (tenant_id = XYZ789)
  │  ├─ Users (isolated)
  │  ├─ OKR data (isolated)
  │  └─ Audit log (isolated)
  │
  └─ Tenant N

Isolation Mechanisms

1. Database Level

Query enforcement:
WHERE tenant_id = '${current_tenant_id}'

Applied to:
├─ users (tenant_id filter)
├─ organizations (tenant_id filter)
├─ okr (tenant_id filter)
├─ measurements (tenant_id filter)
└─ All tables

2. Request Level

Every HTTP request:
  ├─ Extract: X-Tenant-ID header
  ├─ Validate: JWT contains same tenant
  ├─ Apply: TenantGuard middleware
  └─ Query: WHERE tenant_id = header

3. Row-Level Security (RLS)

Database rules:
├─ User query user[tenant] only
├─ User query their org tree only
├─ User query their OKRs only
└─ Cross-tenant access = DENIED

Authentication & Authorization

User Authentication

Login flow:
├─ Email + password
├─ System checks: active user?
├─ JWT token generated (includes tenant_id)
├─ Token valid 24 hours
└─ Refresh token available

Request Authorization

Before data access:
├─ JWT valid? (not expired)
├─ Tenant in JWT = Request tenant? (must match)
├─ User role has permission? (RBAC)
└─ Result: Grant or 403 Forbidden

Audit Logging

What Gets Logged

All mutations:
├─ user.create / user.update / user.delete
├─ okr.create / okr.update / okr.score
├─ theme.create / measurement.update
├─ approval.accept / approval.reject
├─ login / logout / password_change
└─ All with: timestamp, user, action, before/after values

Access Audit Log

Admin → Audit Log
Filters available:
- Date range
- Entity type (User, OKR, etc.)
- Action (create, update, delete)
- User (who did it)
Detail view: Full before/after snapshot

Audit Trail Use Cases

Compliance: "Show all OKR changes in Q4"
  → Filter: Entity=OKR, Date=Q4
  → Result: All OKR create/update/delete

Forensics: "Who changed this user's role?"
  → Filter: Entity=User, Action=update
  → Result: Find exact role change timestamp + who

Reporting: "What changed in this phase?"
  → Filter: Date=FAZ2 duration
  → Result: All changes during FAZ 2

Encryption

In Transit (TLS/SSL)

All API calls encrypted (HTTPS)
No plaintext data over network

At Rest

Database: TBD (check with IT)
Backups: Encrypted
Sensitive fields: Additional encryption (passwords, etc.)

Data Retention

Active Data

Kept indefinitely (while tenant active)
Accessible via COS interface

Archived Data

Closed quarters archived (still queryable)
Historical OKR data retained (3+ years)
Audit logs retained (7 years minimum for compliance)

Deleted Data

User deactivation: Data retained, access removed
OKR delete: Soft delete (recoverable by admin)
Hard delete: Requires explicit admin + confirmation

Backup & Disaster Recovery

Backup Schedule

Daily automated backups
Retention: 30-day rolling backup
Geographic redundancy (TBD location)

Recovery Process

Contact support with date/scope needed
Support verifies approval
Restore from backup (estimated time: 4-24 hours)
Data integrity verification
Restoration applied

Compliance Frameworks

Supported Standards

SOC 2 (TBD audit status)
GDPR compliance (data residency, right-to-delete)
Industry-specific (HIPAA, PCI, etc. - check with support)

Data Residency

Default: [Region TBD]
EU data: [EU region option TBD]
Custom requests: Contact sales

Access Control

IP Whitelisting

TBD (available if required)
Contact admin for setup

Session Management

JWT tokens: 24-hour expiry
Automatic logout: 60 min inactivity (TBD)
Concurrent sessions: 1 per user (optional multi-session)

RBAC Fine-Grain Control

Feature

MEMBER

LEAD

MGR

ADMIN

CEO

View data

Own

Unit

Org

Tenant

Org

Edit data

Own

Unit

Org

Tenant

Org

Delete

Tenant

Audit log

Tenant

Incident Response

Report Security Issue

Contact: [email protected]

Include:

Description of issue
Steps to reproduce
Tenant ID (if relevant)
Impact assessment

Best Practices

✅ For Admins:

Regularly review audit logs
Limit ADMIN role assignments
Monitor unusual activity patterns
Enable 2FA (if available)

✅ For Users:

Use strong passwords
Don't share credentials
Logout from shared computers
Report suspicious access

Troubleshooting

Q: "Başka tenant'ın verilerini gördüm" A: Immediate security incident. Contact support + admin. Check audit logs.

Q: "Audit log'u göremiyorum" A: Requires ADMIN role. Check your role in profile.

Q: "Data backup gerekli" A: Contact support with date/scope. 4-24 hour typical.

İlgili Sayfalar

PreviousKimlik Doğrulama & Tokenlar NextOKR Oluşturamıyorum

Last updated 46 minutes ago

Good evening

hashtagTenant Architecture

hashtagIsolation Mechanisms

hashtag1. Database Level

hashtag2. Request Level

hashtag3. Row-Level Security (RLS)

hashtagAuthentication & Authorization

hashtagUser Authentication

hashtagRequest Authorization

hashtagAudit Logging

hashtagWhat Gets Logged

hashtagAccess Audit Log

hashtagAudit Trail Use Cases

hashtagEncryption

hashtagIn Transit (TLS/SSL)

hashtagAt Rest

hashtagData Retention

hashtagActive Data

hashtagArchived Data

hashtagDeleted Data

hashtagBackup & Disaster Recovery

hashtagBackup Schedule

hashtagRecovery Process

hashtagCompliance Frameworks

hashtagSupported Standards

hashtagData Residency

hashtagAccess Control

hashtagIP Whitelisting

hashtagSession Management

hashtagRBAC Fine-Grain Control

hashtagIncident Response

hashtagReport Security Issue

hashtagBest Practices

hashtagTroubleshooting

hashtagİlgili Sayfalar

Tenant Architecture

Isolation Mechanisms

1. Database Level

2. Request Level

3. Row-Level Security (RLS)

Authentication & Authorization

User Authentication

Request Authorization

Audit Logging

What Gets Logged

Access Audit Log

Audit Trail Use Cases

Encryption

In Transit (TLS/SSL)

At Rest

Data Retention

Active Data

Archived Data

Deleted Data

Backup & Disaster Recovery

Backup Schedule

Recovery Process

Compliance Frameworks

Supported Standards

Data Residency

Access Control

IP Whitelisting

Session Management

RBAC Fine-Grain Control

Incident Response

Report Security Issue

Best Practices

Troubleshooting

İlgili Sayfalar