Skip to main content
Every Medera customer is a tenant (organization). Tenant ID flows through the entire stack: - Injected by setTenantContext middleware on every request
  • Set on the managed Postgres session via SET LOCAL app.current_organization_id =...
  • Enforced by Row-Level Security policies on every PHI-touching table (tenant_isolation using has_tenant_access)
  • Carried into background workers via executeInOrgScope transaction context

Environments

Tenant-scoped tables

The following tables enforce tenant isolation via RLS (migrations 124, 125, 154):