Use when implementing or modifying multi-tenant (organization/org_id) behavior in Unity ERP. Covers the staged rollout approach, verification queries, and common pitfalls like missing org membership causing null nested relations.
docs/README.mddocs/operations/tenant-data-isolation-zero-downtime-runbook.mddocs/operations/tenant-module-entitlements-runbook.mdorg_id nullable + backfill + defaults + indexes + NOT VALID FKs.org_id filled, parent/child match).NOT NULL).docs/operations/tenant-data-isolation-zero-downtime-runbook.mdpublic tables that include org_id, the expected end-state is:
org_id is NOT NULLUSING true / WITH CHECK true authenticated policies20260225073626_timekeeper_anon_read_hotfix_qbutton.sql20260225074120_timekeeper_anon_insert_policy_fix.sql20260225074246_timekeeper_anon_policy_uuid_lock_fix.sql20260225074503_timekeeper_trigger_security_definer_fix.sqlQbutton staff while keeping authenticated org-scoped policies intact.anon policies on staff / time_clock_events without replacing scanner auth flow first.Read docs/operations/tenant-data-isolation-zero-downtime-runbook.md and use the queries in:
organization_members)If one table is tenant-locked but a related table is not (or a user has no org membership), Supabase nested selects can return null for embedded objects.
UI must treat nested relations as nullable and avoid direct dereferences like:
row.supplier_component.component.internal_code
After each migration baby step:
Known local/dev smoke noise (not tenancy regressions):
cutlist_material_defaults may return 406 for users with no defaults row.406/401/404 when the record/context is missing.For current production state and next steps, see:
docs/overview/todo-index.md