Tenant Organization Ledgers
Tenant Organization Ledgers
To support distributed documentation authoring securely, Asterisk 2 implements an organizational tracking framework natively inside ApplicationDbContext. This module maps user accounts and integration credentials to specific resource arrays.
Organizational Mapping Ecosystem
The flowchart below outlines how system entities enforce clear organizational isolation bounds:
graph TD
%% Primary Identity
subgraph OrgNode["Tenant Core Domain"]
EntityOrg["Organization Record<br/>(PK: OrgId)"]
end
%% Shared Ownership
subgraph AccessMaps["Mapped Enterprise Resources"]
EntityUser["User Accounts Ledger<br/>(AspNetUsers.OrgId)"]
EntityKeys["Machine Integration Keys<br/>(ApiKeys.OrgId)"]
EntityProj["Workspace Target Projects<br/>(Projects.OrgId)"]
end
%% Vectors
EntityOrg ==>|"Claims Association"| EntityUser
EntityOrg ==>|"Key Authorization"| EntityKeys
EntityOrg ==>|"Workspace Bound"| EntityProj
%% Palette Matrix
classDef coreClass fill:#0f172a,stroke:#38bdf8,stroke-width:2px,color:#fff,rx:6px,ry:6px;
classDef mapClass fill:#1e293b,stroke:#a855f7,stroke-width:2px,color:#fff,rx:6px,ry:6px;
class OrgNode,EntityOrg coreClass;
class AccessMaps,EntityUser,EntityKeys,EntityProj mapClass;
Operational Database Constraints
1. Unified Claims Injection
During standard interactive login processing, authentication layers query database mappings to extract associated organization identifiers. These strings are injected directly into active identity context headers.
2. Cryptographic M2M Validation Maps
Machine integration token arrays are indexed specifically against target tenant roots. Background syncing loops verifying API signatures parse incoming requests against matching organization storage ledgers to completely prevent external document writing over unauthorized project slugs.