saas-tenant-isolationlisted

# SaaS Tenant Isolation Audit Audit a multi-tenant SaaS for cross-tenant data leakage paths. The single most dangerous class of bug in B2B SaaS — one breach exposes every customer. ## When this skill applies - Reviewing query patterns in a shared-database multi-tenant architecture - Checking that every data-access path enforces `tenant_id` / `org_id` / `workspace_id` scoping - Auditing cache key construction (Redis, in-memory, CDN) - Reviewing file storage path conventions - Reviewing search indices (Elasticsearch, Algolia, Meilisearch) for cross-tenant filters - Reviewing background jobs and queues for tenant binding Use other skills for: row-level enforcement in Postgres (`supabase-security-audit`), auth checks per object (`saas-code-security-review`), API rate limits per tenant (`saas-api-security`). ## Tenancy models Identify which model the app uses; the audit approach differs. | Model | Description | Primary risk | |-------|-------------|--------------| | **Shared DB, shared schema, tenant column** | One DB, one schema, `tenant_id` column on every table | Missing WHERE clause on any query | | **Shared DB, schema per tenant** | One DB, schema named per tenant; connect to that schema | Wrong schema selected; cross-schema query | | **DB per tenant** | One DB per customer | Connection string mix-up; admin tooling crossing tenants | | **Hybrid (sharded)** | Tenant maps to a specific shard | Misrouted query lands on wrong shard | Most SaaS use shared DB + tenant colum