TenantsDB

@tenantsdb

A separate database for every customer. PostgreSQL, MySQL, MongoDB, Redis. One API, full isolation. Built by Binary Leap OU - Estonia

Estonia, joined April 2026
300 Following, 57 Followers
Pinned Tweet
TenantsDB@tenantsdb·
TenantsDB is live. A separate database for every tenant. Not schemas. Not row-level filtering. Actual isolated databases. PostgreSQL, MySQL, MongoDB, Redis. One API to manage them all. Start with 5 free tenants: tenantsdb.com
TenantsDB@tenantsdb·
@arximughal What if it wasn't expensive at all? What if spinning up a tenant DB was as easy as inserting a row? What if separate migrations, connection pools, and monitoring all sat behind a single API?
Arslan@arximughal·
Build database-per-tenant before you have customers → you're managing separate migrations, connection pools, and monitoring infrastructure before you've validated anything. Both paths are expensive. They just hit you at different times.
Arslan@arximughal·
The foundation for SaaS multi-tenancy is four tables. Not a separate database per customer. Not a schema per tenant. Four tables, and an org_id on everything that belongs to a tenant. Most guides send early-stage teams down one of two wrong paths:
TenantsDB@tenantsdb·
@hiranyalp4 Spot on. The routing abstraction is the cheapest engineering you'll ever do today and the most expensive one you'll ever do in eighteen months.
Hiranya Punchihewa@hiranyalp4·
“Multi-Tenant Data Models will betray you if you pick the wrong one early” I wrote this based on my research. Have a read :) medium.com/@HiranyaPunchihewa/multi-tenant-data-models-will-betray-you-if-you-pick-the-wrong-one-early-45ef21444176
TenantsDB@tenantsdb·
We used RLS for two years in production. The honest answer: it works until it doesn't. RLS is a filter that runs inside the database, which is strictly better than a WHERE clause in app code, because developers can't forget to write it. That part is real and useful. What it isn't: isolation. It's still one shared database, one shared cache, one shared connection pool, one shared autovacuum. A policy bug, a missing SET app.current_tenant on a pooled connection, or a BYPASSRLS role somewhere in the stack and you're back to leaking. The failure mode is silent. No 500 error, just wrong data returned to the wrong tenant. We ended up moving to database-per-tenant.
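The three failure modes named in the post above (a policy bug, a missing SET app.current_tenant on a pooled connection, a BYPASSRLS role) each map to a check a team running shared-table RLS can make. The PostgreSQL below is an added example, not code from TenantsDB or any poster; the invoices table, the tenant_id column and the sample UUID are assumptions.

```sql
-- Constructed schema: the invoices table and tenant_id column are illustrative.
CREATE TABLE invoices (
    id        bigserial PRIMARY KEY,
    tenant_id uuid    NOT NULL,
    amount    numeric NOT NULL
);

-- ENABLE alone exempts the table owner; FORCE applies the policy to the owner too.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- Fail closed: an unset app.current_tenant reads as NULL (missing_ok = true) and
-- can read back as '' after an earlier transaction set it, so NULLIF turns both
-- into NULL and the policy matches no rows instead of the wrong tenant's rows.
CREATE POLICY tenant_isolation ON invoices
    USING      (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid);

-- Pooled connections: scope the tenant to the transaction (is_local = true) so
-- the value is discarded at COMMIT/ROLLBACK and cannot follow the connection
-- to the next request. The UUID is a constructed sample value.
BEGIN;
SELECT set_config('app.current_tenant', '11111111-1111-1111-1111-111111111111', true);
SELECT id, amount FROM invoices;
COMMIT;

-- Audit 1: roles for which no policy is ever evaluated.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls;

-- Audit 2: tables carrying tenant_id where RLS is off or not forced.
SELECT c.oid::regclass AS table_name, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_attribute a ON a.attrelid = c.oid
WHERE a.attname = 'tenant_id'
  AND NOT a.attisdropped
  AND c.relkind IN ('r', 'p')
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);
```

The application role should appear in neither audit result; any row returned is a path around the policy.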
Kolar😎@Kolar_Dev·
Question for backend engineers 👇 How many of you actually use PostgreSQL Row Level Security (RLS) for multi-tenancy? Not just WHERE organization_id = ? in backend code. But letting the database itself enforce tenant isolation. Curious because a lot of systems rely completely on application logic for security.
TenantsDB@tenantsdb·
@meaningoflights Here's the tenant view in the dashboard. Each tenant has its own connection string, isolation tier per engine, and one-click actions for backups, PITR, zero-downtime upgrade, and region change.
TenantsDB@tenantsdb·
Worth clarifying the model. The differentiator is not failover speed, it's the unit of abstraction.
AWS sells databases. One RDS instance. One DocumentDB. One ElastiCache Redis. Each is a separate service with its own API, its own failover config, its own backup schedule. If you want per-customer isolation across four engines, you build the orchestration yourself with Lambda, Step Functions, and CloudFormation. AWS has no concept of "tenant" that groups a customer's PG + MySQL + Mongo + Redis under one identity.
TenantsDB sells tenants. One API call creates a tenant across all four engines, with isolated databases, deployed schemas, routing, backups, and rate limits configured. One API call upgrades that tenant from shared to dedicated infrastructure with sub-2-second cutover. One API call moves them to a different region. The customer never thinks about which engine lives where.
On failover specifically: customer databases use native logical replication (PG PUBLICATION/SUBSCRIPTION, MySQL binlog, Mongo change streams) with snapshot-based recovery and point-in-time restore. Automatic cross-region promotion is on the roadmap. For customers who specifically need RDS-style automatic Multi-AZ today, AWS-hosted dedicated infrastructure is available, the piping is in the system, priced separately for enterprise.
TenantsDB@tenantsdb·
Building multi-tenant infrastructure yourself takes 9 to 17 months. Tenant routing. Schema migration across N tenants. Per-tenant backups. Connection pooling. Search. Moving big customers to dedicated infrastructure. Rate limiting. Each piece is "a sprint or two." The total is most of your first year. tenantsdb.com/blog/engineeri…
TenantsDB@tenantsdb·
@tristanbob RLS is brittle by design. Every table needs a policy, every join respects it, one missed rule leaks. AI agents make it worse because the policies span files they can't all see at once. Per-tenant DB skips the problem. Connection is the boundary. tenantsdb.com
Tristan Rhodes@tristanbob·
Has anyone built a multi-tenant SaaS app using RLS? Every time I try this, I can't get it working the way I want it to. I've tried many times, using different AI agents and models. I even tried only using backend/edge functions, but many vibe coding platforms have much lower rate limits on functions and it breaks the app.
TenantsDB@tenantsdb·
@Alacritic_Super All tenants in parallel, not one at a time. TenantsDB analyzes the shared DB, traces FK paths from the tenant column, then provisions and imports every tenant's slice concurrently. App stays live, cutover is a connection string swap. Full pattern: tenantsdb.com/blog/migrate-s…
Praveen Kumar Verma@Alacritic_Super·
Imagine building an AI copilot for 500 enterprise customers. One retrieval bug happens. Suddenly:
- Company A sees Company B's documents
- another tenant's embeddings appear in responses
- confidential chats leak across sessions
That's when engineers realize multi-tenant isolation is not just a backend detail. It is survival. This is why production AI systems use:
- tenant-scoped vector indexes
- RBAC/ABAC
- namespace isolation
- isolated memory layers
- encryption boundaries
In AI infrastructure, one cross-tenant leak can destroy years of trust in minutes.
TenantsDB@tenantsdb·
@Alacritic_Super Every control on the list is logical isolation in shared infrastructure. Vector indexes, namespaces, RBAC, encryption. All enforced in the same process that had the bug. Physical DB per tenant is the only control outside the bug radius.
TenantsDB@tenantsdb·
Separate database per tenant, but the answer depends on tenant count and isolation needs. Shared tables scale operationally but break for compliance-heavy workloads (legal, medical, fintech) and for AI agents where cross-tenant retrieval is silent contamination. Separate schemas is the awkward middle: most operational pain of per-DB without the isolation guarantees. Per-tenant DB is the right answer when you need physical isolation, the operational cost is solvable
Akintola Steve@Akintola_steve·
Quick one: When building a multi-tenant system, what database design would you follow? Shared database, shared tables? Shared database, separate schemas? Separate database per tenant?
TenantsDB@tenantsdb·
Good framing. Answers when the data layer is per-tenant database (which is what we do at TenantsDB): Tenant isolation at retrieval is physical. Each tenant's data lives in their own database, the agent's connection only sees one tenant's records. The agent can't access another client's embeddings because it doesn't have credentials for another client's database. Cross-tenant access requires a different connection, not a different query. Isolation is enforced by the database itself. Application logic doesn't have a path to bypass it. RLS works for shared-table architectures. Per-tenant DB removes the failure mode entirely because there's nothing to bypass.
Werner Koegelenberg@w_koegelenberg·
Most AI agent failures in enterprise aren't model failures. They are architecture failures. The model does exactly what it is asked. The problem is what it was allowed to see. A thread on deploying AI agents safely on multi-tenant data. 🧵
TenantsDB@tenantsdb·
Nice. Async connection acquisition as the seam is exactly the right design choice, it's what makes per-tenant routing pluggable rather than a rewrite. If you ever want to test Deltic against a per-tenant DB backend, happy to help you set up TenantsDB as one of the implementations. Would be interesting to see the abstraction hold up against actual N-database routing.
Frank de Jonge@frankdejonge·
@tenantsdb @danlynch @0ximjosh In Deltic (how it’s called) this is totally transparent from the normal use-cases. In fact, even transactions are not coupled to infrastructure implementation details. Since acquiring a connection is an async operation for us regardless, any routing there can be abstracted away
TenantsDB@tenantsdb·
Data layer. Per-tenant database for state, embeddings, conversation history, RAG indexes. Multi-tenant AI platforms hit this in year 1 because every customer's context has to stay isolated. Built TenantsDB to solve it. K8s + Kueue + Karpenter + GPUs handles compute, but you still need per-customer data that doesn't leak across tenants.
Sakalya@sakalya11·
1. Kubernetes
2. Kueue
3. Karpenter
4. GPUs
What else we need for Multi tenant AI Platform?
TenantsDB@tenantsdb·
Makes sense as a default. The interesting design question is whether the storage abstraction can swap in a per-tenant DB backend without leaking the change up the stack. We do per-tenant DBs at TenantsDB and the connection routing and pool logic is the part most abstractions struggle to hide. Worth thinking about as you scope the higher-isolation implementations.
Frank de Jonge@frankdejonge·
@tenantsdb @danlynch @0ximjosh In my project I largely abstract away storage concerns but provide one specific implementation, which is a multi-tenant using column based isolation in the same table. So logical isolation.
TenantsDB@tenantsdb·
Your TypeScript components project sounds interesting. Are you doing tenant isolation at the schema level (per-tenant schemas in shared DB) or per-tenant database? The composability framing for event sourcing + mutexes + tenant isolation is the right shape; the answer mostly depends on which isolation level you're targeting.
Frank de Jonge@frankdejonge·
@danlynch @0ximjosh Thank you! Btw, interesting project you’re working on. I’m building up typescript components for building apps under demanding requirements on Postgres, but one level up the stack, event sourcing, mutexes, service dispatchers. Highly composable, with tenant isolation built in
TenantsDB@tenantsdb·
The honest reason most teams pick the explicit user_id column over cluster-per-customer isn't that they prefer it. It's that the operational tax (provisioning, schema across N clusters, routing, per-tenant migration, backups) used to be a year of infra work. That's the actual gate. Once that tax goes to zero, the calculus flips.
Marc Brooker@MarcJBrooker·
Some thoughts on the RLS discourse. If I'm building a multi-tenant online service backed by a database, I can choose from four basic architectural patterns: control-plane separation, table-per-customer, explicit user info in schema, or fine-grained DB security features.
TenantsDB@tenantsdb·
Depends what's hurting. If it's per-tenant data (MCP state, cache, conversation history, embeddings in their own DB), that's TenantsDB. Each customer gets isolated DBs across Postgres, Redis, Mongo. Schema deployed across all tenants from one workspace. If it's OAuth/credentials per tenant, different problem.
Kautuk | Conscious Engines@Kautukkundan·
Multi-Tenancy in MCP servers is such a pain in the ass has someone come across any tools that helps with this?
TenantsDB@tenantsdb·
@gpkpavan143 Polyglot is great until you're running 3 separate ops teams: PG ops, Mongo ops, Redis ops. Most teams reach for it, then quietly consolidate back to "Postgres for everything" by year 2. The right tool per service is correct in theory; what kills it is operational surface area.
Pavan@gpkpavan143·
Why bother?
→ Loose coupling
Change the User DB schema? Only User Service cares.
→ Polyglot persistence
Orders → PostgreSQL (ACID needed)
Product Catalog → MongoDB (flexible schema)
Session Store → Redis (speed first)
Each service picks the right tool.
Pavan@gpkpavan143·
Microservices Design Patterns 💥
Series 1 : Data Management
Pattern Name : Database per service
🧵 Database per Service — the #1 microservices pattern you need to understand (and the tradeoffs nobody talks about)
The rule is simple: Each microservice gets its OWN database. No other service can query it directly. Access only through the service's API.
TenantsDB@tenantsdb·
A year of watching AI-built apps leak data has taught one lesson: When the AI writes your RLS policies, you don't have security. You have the appearance of security. Database-per-tenant makes this class of bug impossible. No policy to misconfigure, no filter to forget. Isolation is structural. Architectural, not a patch.
impulsive@weezerOSINT·
Lovable has a mass data breach affecting every project created before November 2025. I made a Lovable account today and was able to access another user's source code, database credentials, AI chat histories, and customer data are all readable by any free account. Nvidia, Microsoft, Uber, and Spotify employees all have accounts. The bug was reported 48 days ago. It's not fixed. They marked it as duplicate and left it open.