Tenant Organization Ledgers

Tenant Organization Ledgers

To support distributed documentation authoring securely, Asterisk 2 implements an organizational tracking framework natively inside ApplicationDbContext. This module maps user accounts and integration credentials to specific resource arrays.


Organizational Mapping Ecosystem

The flowchart below outlines how system entities enforce clear organizational isolation bounds:

graph TD
    %% Primary Identity
    subgraph OrgNode["Tenant Core Domain"]
        EntityOrg["Organization Record<br/>(PK: OrgId)"]
    end

    %% Shared Ownership
    subgraph AccessMaps["Mapped Enterprise Resources"]
        EntityUser["User Accounts Ledger<br/>(AspNetUsers.OrgId)"]
        EntityKeys["Machine Integration Keys<br/>(ApiKeys.OrgId)"]
        EntityProj["Workspace Target Projects<br/>(Projects.OrgId)"]
    end

    %% Vectors
    EntityOrg ==>|"Claims Association"| EntityUser
    EntityOrg ==>|"Key Authorization"| EntityKeys
    EntityOrg ==>|"Workspace Bound"| EntityProj

    %% Palette Matrix
    classDef coreClass fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
    classDef mapClass fill:#1e293b,stroke:#a855f7,stroke-width:2px,color:#fff,rx:6px,ry:6px;

    class OrgNode,EntityOrg coreClass;
    class AccessMaps,EntityUser,EntityKeys,EntityProj mapClass;

Operational Database Constraints

1. Unified Claims Injection

During standard interactive login processing, authentication layers query database mappings to extract associated organization identifiers. These strings are injected directly into active identity context headers.

2. Cryptographic M2M Validation Maps

Machine integration token arrays are indexed specifically against target tenant roots. Background syncing loops verifying API signatures parse incoming requests against matching organization storage ledgers to completely prevent external document writing over unauthorized project slugs.