Multi Tenant Safety Checker

What it does

This skill, Multi Tenant Safety Checker, helps ensure your multi-tenant application maintains data isolation and prevents data leakage between tenants. It focuses on implementing Row Level Security (RLS) within a PostgreSQL database to enforce tenant-specific access controls. The skill also provides guidance for setting up an Application-Level Tenant Context using middleware to manage the app.tenant_id variable, which is crucial for RLS policies.

When to use it

• When building a multi-tenant application where data isolation between tenants is critical.
• During security audits to verify adherence to tenant safety best practices.
• To implement and test Row Level Security (RLS) in PostgreSQL databases.
• When needing to enforce that all database queries are filtered by tenant ID.
• To ensure file uploads and background jobs operate within the correct tenant context.

Key capabilities

• Row Level Security (RLS) Implementation: Sets up RLS on tables using PostgreSQL policies.
• Application-Level Tenant Context: Provides middleware for managing app.tenant_id to control data access.
• Tenant Isolation Checklist: Offers a comprehensive checklist covering database, application, and testing aspects of multi-tenancy security.
• Automated Security Tests Guidance: Suggests tests to verify RLS bypass prevention and SQL injection vulnerabilities.

Example prompts

• "Show me how to enable Row Level Security on the 'users' table."
• "What is the purpose of the app.tenant_id variable?"
• "Generate a policy for the 'orders' table using RLS to filter by tenant ID."

Tips & gotchas

• Requires a PostgreSQL database and Prisma client setup.
• The skill relies on setting a local variable (app.tenant_id) which must be managed consistently throughout your application.
• Thorough testing, including cross-tenant query tests and RLS bypass attempts, is essential to ensure security effectiveness.