Multi-Tenancy Architecture

Overview

Torn implements a schema-per-tenant architecture using PostgreSQL’s native schema isolation. Each company (tenant) gets its own dedicated database schema, providing complete data isolation while sharing the same database instance.

This approach combines the security benefits of separate databases with the operational simplicity of a single PostgreSQL instance.

Architecture Components

The multi-tenant system consists of three layers:

Global Layer

The public schema stores:

SaaS plans and pricing
Global user accounts
Tenant registry

Tenant Schemas

Each tenant_* schema contains:

Operational data (sales, inventory)
Local users and permissions
DTE documents

Access Bridge

The tenant_users table links:

Global users to tenants
Role assignments
Access permissions

Data Models

Global Schema (public)

All SaaS infrastructure lives in the public schema:

app/models/saas.py

class Tenant(Base):
    """La entidad Empresa / Inquilino.
    
    El `schema_name` es la clave para la arquitectura Tenant-per-Schema.
    Determina a qué esquema físico de PostgreSQL apunta la sesión de SQLAlchemy.
    """
    __tablename__ = "tenants"
    __table_args__ = {'schema': 'public'}

    id = Column(Integer, primary_key=True)
    name = Column(String(200), nullable=False)
    rut = Column(String(20), unique=True, index=True)
    schema_name = Column(String(63), unique=True, nullable=False)
    
    is_active = Column(Boolean, default=True)
    plan_id = Column(Integer, ForeignKey("public.saas_plans.id"))
    
    # DTE Configuration
    address = Column(String(300))
    commune = Column(String(100))
    city = Column(String(100))
    giro = Column(String(200))
    economic_activities = Column(JSONB, server_default='[]')

Global User Model

Users can access multiple tenants with different roles:

app/models/saas.py

class SaaSUser(Base):
    """Usuario Global del Sistema.
    
    Un usuario físico real. Puede tener acceso a múltiples Tenants.
    """
    __tablename__ = "saas_users"
    __table_args__ = {'schema': 'public'}

    id = Column(Integer, primary_key=True)
    email = Column(String(255), unique=True, nullable=False)
    hashed_password = Column(String(255), nullable=False)
    full_name = Column(String(200))
    is_active = Column(Boolean, default=True)
    is_superuser = Column(Boolean, default=False)

Tenant-User Bridge

The tenant_users table manages which users can access which tenants:

app/models/saas.py

class TenantUser(Base):
    """Tabla intermedia: Usuario Global <-> Tenant.
    
    Define a qué empresa tiene acceso un Usuario Global y con qué rol.
    """
    __tablename__ = "tenant_users"
    __table_args__ = {'schema': 'public'}

    id = Column(Integer, primary_key=True)
    tenant_id = Column(Integer, ForeignKey("public.tenants.id"))
    user_id = Column(Integer, ForeignKey("public.saas_users.id"))
    
    role_name = Column(String(50), default="user")
    is_active = Column(Boolean, default=True)

Tenant Provisioning