Back to page
Tenant Organization Ledgers
Raw Markdown & AI/RAG Chunks
Raw Markdown Source
1963 chars
# Tenant Organization Ledgers
To support distributed documentation authoring securely, **Asterisk 2** implements an organizational tracking framework natively inside `ApplicationDbContext`. This module maps user accounts and integration credentials to specific resource arrays.
---
## Organizational Mapping Ecosystem
The flowchart below outlines how system entities enforce clear organizational isolation bounds:
```mermaid
graph TD
%% Primary Identity
subgraph OrgNode["Tenant Core Domain"]
EntityOrg["Organization Record<br/>(PK: OrgId)"]
end
%% Shared Ownership
subgraph AccessMaps["Mapped Enterprise Resources"]
EntityUser["User Accounts Ledger<br/>(AspNetUsers.OrgId)"]
EntityKeys["Machine Integration Keys<br/>(ApiKeys.OrgId)"]
EntityProj["Workspace Target Projects<br/>(Projects.OrgId)"]
end
%% Vectors
EntityOrg ==>|"Claims Association"| EntityUser
EntityOrg ==>|"Key Authorization"| EntityKeys
EntityOrg ==>|"Workspace Bound"| EntityProj
%% Palette Matrix
classDef coreClass fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
classDef mapClass fill:#1e293b,stroke:#a855f7,stroke-width:2px,color:#fff,rx:6px,ry:6px;
class OrgNode,EntityOrg coreClass;
class AccessMaps,EntityUser,EntityKeys,EntityProj mapClass;
```
---
## Operational Database Constraints
### 1. Unified Claims Injection
During standard interactive login processing, authentication layers query database mappings to extract associated organization identifiers. These strings are injected directly into active identity context headers.
### 2. Cryptographic M2M Validation Maps
Machine integration token arrays are indexed specifically against target tenant roots. Background syncing loops verifying API signatures parse incoming requests against matching organization storage ledgers to completely prevent external document writing over unauthorized project slugs.
AI Chunks (RAG)
3 chunks
Chunk #1
Tenant Organization Ledgers
# Tenant Organization Ledgers To support distributed documentation authoring securely, **Asterisk 2** implements an organizational tracking framework natively inside `ApplicationDbContext`. This module maps user accounts and integration credentials to specific resource arrays. ---
Chunk #2
Organizational Mapping Ecosystem
## Organizational Mapping Ecosystem
The flowchart below outlines how system entities enforce clear organizational isolation bounds:
```mermaid
graph TD
%% Primary Identity
subgraph OrgNode["Tenant Core Domain"]
EntityOrg["Organization Record<br/>(PK: OrgId)"]
end
%% Shared Ownership
subgraph AccessMaps["Mapped Enterprise Resources"]
EntityUser["User Accounts Ledger<br/>(AspNetUsers.OrgId)"]
EntityKeys["Machine Integration Keys<br/>(ApiKeys.OrgId)"]
EntityProj["Workspace Target Projects<br/>(Projects.OrgId)"]
end
%% Vectors
EntityOrg ==>|"Claims Association"| EntityUser
EntityOrg ==>|"Key Authorization"| EntityKeys
EntityOrg ==>|"Workspace Bound"| EntityProj
%% Palette Matrix
classDef coreClass fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
classDef mapClass fill:#1e293b,stroke:#a855f7,stroke-width:2px,color:#fff,rx:6px,ry:6px;
class OrgNode,EntityOrg coreClass;
class AccessMaps,EntityUser,EntityKeys,EntityProj mapClass;
```
---
Chunk #3
Operational Database Constraints
## Operational Database Constraints ### 1. Unified Claims Injection During standard interactive login processing, authentication layers query database mappings to extract associated organization identifiers. These strings are injected directly into active identity context headers. ### 2. Cryptographic M2M Validation Maps Machine integration token arrays are indexed specifically against target tenant roots. Background syncing loops verifying API signatures parse incoming requests against matching organization storage ledgers to completely prevent external document writing over unauthorized project slugs.