Back to page

Tenant Organization Ledgers

Raw Markdown & AI/RAG Chunks
Raw Markdown Source 1963 chars
# Tenant Organization Ledgers

To support distributed documentation authoring securely, **Asterisk 2** implements an organizational tracking framework natively inside `ApplicationDbContext`. This module maps user accounts and integration credentials to specific resource arrays.

---

## Organizational Mapping Ecosystem

The flowchart below outlines how system entities enforce clear organizational isolation bounds:

```mermaid
graph TD
    %% Primary Identity
    subgraph OrgNode["Tenant Core Domain"]
        EntityOrg["Organization Record<br/>(PK: OrgId)"]
    end

    %% Shared Ownership
    subgraph AccessMaps["Mapped Enterprise Resources"]
        EntityUser["User Accounts Ledger<br/>(AspNetUsers.OrgId)"]
        EntityKeys["Machine Integration Keys<br/>(ApiKeys.OrgId)"]
        EntityProj["Workspace Target Projects<br/>(Projects.OrgId)"]
    end

    %% Vectors
    EntityOrg ==>|"Claims Association"| EntityUser
    EntityOrg ==>|"Key Authorization"| EntityKeys
    EntityOrg ==>|"Workspace Bound"| EntityProj

    %% Palette Matrix
    classDef coreClass fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef mapClass fill:#1e293b,stroke:#a855f7,stroke-width:2px,color:#fff,rx:6px,ry:6px;

    class OrgNode,EntityOrg coreClass;
    class AccessMaps,EntityUser,EntityKeys,EntityProj mapClass;
```

---

## Operational Database Constraints

### 1. Unified Claims Injection
During standard interactive login processing, authentication layers query database mappings to extract associated organization identifiers. These strings are injected directly into active identity context headers.

### 2. Cryptographic M2M Validation Maps
Machine integration token arrays are indexed specifically against target tenant roots. Background syncing loops verifying API signatures parse incoming requests against matching organization storage ledgers to completely prevent external document writing over unauthorized project slugs.
AI Chunks (RAG) 3 chunks
Chunk #1 Tenant Organization Ledgers
# Tenant Organization Ledgers

To support distributed documentation authoring securely, **Asterisk 2** implements an organizational tracking framework natively inside `ApplicationDbContext`. This module maps user accounts and integration credentials to specific resource arrays.

---
Chunk #2 Organizational Mapping Ecosystem
## Organizational Mapping Ecosystem

The flowchart below outlines how system entities enforce clear organizational isolation bounds:

```mermaid
graph TD
    %% Primary Identity
    subgraph OrgNode["Tenant Core Domain"]
        EntityOrg["Organization Record<br/>(PK: OrgId)"]
    end

    %% Shared Ownership
    subgraph AccessMaps["Mapped Enterprise Resources"]
        EntityUser["User Accounts Ledger<br/>(AspNetUsers.OrgId)"]
        EntityKeys["Machine Integration Keys<br/>(ApiKeys.OrgId)"]
        EntityProj["Workspace Target Projects<br/>(Projects.OrgId)"]
    end

    %% Vectors
    EntityOrg ==>|"Claims Association"| EntityUser
    EntityOrg ==>|"Key Authorization"| EntityKeys
    EntityOrg ==>|"Workspace Bound"| EntityProj

    %% Palette Matrix
    classDef coreClass fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef mapClass fill:#1e293b,stroke:#a855f7,stroke-width:2px,color:#fff,rx:6px,ry:6px;

    class OrgNode,EntityOrg coreClass;
    class AccessMaps,EntityUser,EntityKeys,EntityProj mapClass;
```

---
Chunk #3 Operational Database Constraints
## Operational Database Constraints

### 1. Unified Claims Injection
During standard interactive login processing, authentication layers query database mappings to extract associated organization identifiers. These strings are injected directly into active identity context headers.

### 2. Cryptographic M2M Validation Maps
Machine integration token arrays are indexed specifically against target tenant roots. Background syncing loops verifying API signatures parse incoming requests against matching organization storage ledgers to completely prevent external document writing over unauthorized project slugs.