Multi-Organization Architecture
Understanding multi-organization in ARSAKA PUGUH.
Overview
PUGUH uses a multi-organization architecture where each organization has completely isolated data and configuration. This enables:
- Data Isolation: Complete separation between organizations
- Configuration Independence: Each organization has its own settings and applications
- Resource Management: Per-organization billing and limits
- Security: No cross-organization data leakage
Organization Hierarchy
plaintext
Organization
Users (via Memberships)
Owner (1 per organization)
Admins
Members
Viewers
Applications
Production
Staging
Development
Rules
Organization-level (shared)
Application-level (isolated)
Workflows
Application-scoped
Subscription
Plan + BillingData Isolation
Database Level
Every table includes organization_id:
sql
CREATE TABLE rules (
id UUID PRIMARY KEY,
organization_id UUID NOT NULL, -- Organization isolation
application_id UUID, -- Optional application scope
name TEXT,
...
);
-- Row-Level Security (RLS) enforces isolation
CREATE POLICY organization_isolation ON rules
USING (organization_id = current_setting('app.current_organization')::uuid);API Level
All API requests are scoped to an organization:
http
GET /api/v1/rules
Authorization: Bearer {token}
X-Organization-ID: {organization_id}The token contains organization membership information, and all queries are automatically filtered.
Application Level
typescript
// SDK automatically includes organization context
const client = new PuguhClient({
organizationId: 'your-organization-id',
// ...
});
// All operations scoped to this organization
const webhooks = await client.webhooks.list(); // Only returns organization's webhooksOrganization Membership
User-Organization Relationship
Users can belong to multiple organizations:
plaintext
User: alice@example.com
Organization: Acme Corp (Owner)
Organization: Consulting Co (Admin)
Organization: Partner Inc (Member)Membership Model
typescript
interface OrganizationMembership {
userId: string;
organizationId: string;
role: 'owner' | 'admin' | 'member' | 'viewer';
status: 'active' | 'invited' | 'suspended';
joinedAt: Date;
}Switching Organizations
typescript
// List user's organizations
const organizations = await client.listMyOrganizations();
// Switch active organization
await client.setActiveOrganization(organizationId);Application Scoping
Applications provide an additional isolation layer within organizations.
When to Use Applications
| Use Case | Recommendation |
|---|---|
| Multiple environments | Separate applications (prod/staging/dev) |
| Different services | Separate applications per service |
| Team isolation | Separate applications per team |
| Testing | Dedicated test application |
Resource Scoping
Resources are scoped at two levels:
- Organization-level: Users, roles, billing, audit logs
- Application-level: Webhooks, storage, API keys
typescript
// Organization-level: list all members
const members = await client.organizations.listMembers(orgId);
// Application-level: create a webhook for a specific app
await client.webhooks.create({
url: 'https://prod.example.com/webhook',
eventTypes: ['user.registered'],
applicationId: 'prod-app-id',
});Access Control
Access is managed at both levels:
- Organization role determines base permissions
- Application membership restricts resource access further
- Organization Owners have access to all applications
Organization Limits
Each plan has organization-level limits:
| Limit | Free | Starter | Pro | Enterprise |
|---|---|---|---|---|
| Applications | 1 | 5 | Unlimited | Unlimited |
| Users | 3 | 10 | Unlimited | Unlimited |
| Webhooks | 3 | 10 | 50 | Unlimited |
| Storage (GB) | 1 | 10 | 100 | Custom |
Checking Limits
typescript
const usage = await client.getOrganizationUsage();
console.log(usage.storage.used); // '2.5 GB'
console.log(usage.storage.limit); // '10 GB'
console.log(usage.members.used); // 5
console.log(usage.members.limit); // 10Limit Enforcement
When limits are exceeded:
- Storage: File uploads return 413 with upgrade prompt
- Applications: Cannot create new applications
- Users: Cannot invite new members
Cross-Organization Operations
Cross-organization operations are not allowed by design:
- Users cannot access other organizations' data
- API keys are organization-scoped
- No cross-organization queries possible
Shared Resources (Enterprise)
Enterprise customers can set up controlled sharing:
- Service Organizations: Shared services across organizations
- Federation: Connect multiple organizations
- Data Sync: Controlled replication
Contact support for enterprise features.
Security Considerations
Organization Isolation Guarantees
- Query Isolation: All queries filtered by organization_id
- Index Separation: Organization-scoped indexes
- Encryption: Per-organization encryption keys (Enterprise)
- Audit Isolation: Organization-specific audit logs
Security Best Practices
- Use Application Separation: Separate sensitive data in applications
- Regular Access Review: Audit organization memberships
- Minimal Permissions: Use least privilege principle
- Monitor Cross-Organization: Watch for anomalies
Migration Between Organizations
Moving Resources
Resources cannot be moved between organizations directly. To migrate:
- Export from source organization
- Import to destination organization
- Verify and validate
- Delete from source
Export/Import
bash
# Export rules
puguh-cli export rules --organization SOURCE_ORG --output rules.json
# Import to new organization
puguh-cli import rules --organization DEST_ORG --input rules.jsonTroubleshooting
"Organization not found"
- Verify organization ID is correct
- Check user has access to organization
- Ensure organization is not suspended
"Cross-organization access denied"
- Cannot access resources from another organization
- Switch to correct organization first
- Verify membership status
"Limit exceeded"
- Check current usage vs limits
- Upgrade plan or reduce usage
- Contact support for temporary increase