medo94my/multitenetsaas
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
b3fff546e9b731b6b1bdc294fc3776565c5c5e91
multitenetsaas/specs/001-1-target-sectors/data-model.md
AHMET YILMAZ b3fff546e9
Some checks failed
System Monitoring / Health Checks (push) Has been cancelled
Details
System Monitoring / Performance Monitoring (push) Has been cancelled
Details
System Monitoring / Database Monitoring (push) Has been cancelled
Details
System Monitoring / Cache Monitoring (push) Has been cancelled
Details
System Monitoring / Log Monitoring (push) Has been cancelled
Details
System Monitoring / Resource Monitoring (push) Has been cancelled
Details
System Monitoring / Uptime Monitoring (push) Has been cancelled
Details
System Monitoring / Backup Monitoring (push) Has been cancelled
Details
System Monitoring / Security Monitoring (push) Has been cancelled
Details
System Monitoring / Monitoring Dashboard (push) Has been cancelled
Details
System Monitoring / Alerting (push) Has been cancelled
Details
Security Scanning / Dependency Scanning (push) Has been cancelled
Details
Security Scanning / Code Security Scanning (push) Has been cancelled
Details
Security Scanning / Secrets Scanning (push) Has been cancelled
Details
Security Scanning / Container Security Scanning (push) Has been cancelled
Details
Security Scanning / Compliance Checking (push) Has been cancelled
Details
Security Scanning / Security Dashboard (push) Has been cancelled
Details
Security Scanning / Security Remediation (push) Has been cancelled
Details
project initialization
2025-10-05 02:37:33 +08:00

13 KiB
Raw Blame History

Data Model

Core Entities

Tenant

Purpose: Represents a business organization with isolated data and workspace

Fields:

  • id (UUID): Primary key
  • name (String): Business name
  • slug (String): URL-friendly identifier
  • email (String): Primary contact email
  • phone (String): Business phone number
  • address (JSON): Business address (Malaysian format)
  • business_type (Enum): RETAIL, HEALTHCARE, EDUCATION, LOGISTICS, BEAUTY
  • subscription_plan (Enum): STARTER, GROWTH, PRO, ENTERPRISE
  • pricing_model (Enum): SUBSCRIPTION, PERPETUAL
  • status (Enum): PENDING, ACTIVE, SUSPENDED, TERMINATED
  • logo_url (String): Company logo
  • settings (JSON): Tenant-specific settings
  • created_at (DateTime): Tenant creation timestamp
  • updated_at (DateTime): Last update timestamp
  • trial_ends_at (DateTime): Trial period end
  • subscription_ends_at (DateTime): Current subscription end

Relationships:

  • Has many Users
  • Has many Subscriptions
  • Has many Modules (through subscriptions)
  • Has many Business Data entities

User

Purpose: Individuals within tenant organizations with roles and permissions

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • email (String): User email (unique within tenant)
  • first_name (String): User first name
  • last_name (String): User last name
  • phone (String): User phone number
  • role (Enum): ADMIN, MANAGER, STAFF, VIEWER
  • status (Enum): PENDING, ACTIVE, INACTIVE, DISABLED
  • last_login (DateTime): Last login timestamp
  • created_at (DateTime): User creation timestamp
  • updated_at (DateTime): Last update timestamp
  • auth_methods (JSON): Enabled authentication methods
  • mfa_enabled (Boolean): Multi-factor authentication status
  • password_hash (String): Encrypted password

Relationships:

  • Belongs to Tenant
  • Has many Permissions
  • Has many Audit Logs

Subscription

Purpose: Defines pricing plan, billing cycle, and module access for tenants

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • plan_type (Enum): STARTER, GROWTH, PRO, ENTERPRISE
  • billing_cycle (Enum): MONTHLY, YEARLY, ONE_TIME
  • status (Enum): ACTIVE, CANCELLED, EXPIRED, PENDING
  • starts_at (DateTime): Subscription start date
  • ends_at (DateTime): Subscription end date
  • renews_at (DateTime): Next renewal date
  • amount (Decimal): Subscription amount
  • currency (String): Currency code (MYR)
  • payment_method (String): Payment method token
  • module_limit (Integer): Number of modules allowed
  • user_limit (Integer): Number of users allowed
  • features (JSON): Enabled features
  • created_at (DateTime): Subscription creation timestamp
  • updated_at (DateTime): Last update timestamp

Relationships:

  • Belongs to Tenant
  • Has many Subscription Modules
  • Has many Payment Transactions

Module

Purpose: Industry-specific business functionality packages

Fields:

  • id (UUID): Primary key
  • name (String): Module name
  • slug (String): URL-friendly identifier
  • description (String): Module description
  • industry (Enum): RETAIL, HEALTHCARE, EDUCATION, LOGISTICS, BEAUTY
  • version (String): Module version
  • status (Enum): ACTIVE, INACTIVE, BETA
  • features (JSON): Module features
  • requirements (JSON): System requirements
  • created_at (DateTime): Module creation timestamp
  • updated_at (DateTime): Last update timestamp

Relationships:

  • Has many Subscription Modules
  • Has many Module Permissions

Subscription Module

Purpose: Links subscriptions to specific modules

Fields:

  • id (UUID): Primary key
  • subscription_id (UUID): Foreign key to Subscription
  • module_id (UUID): Foreign key to Module
  • status (Enum): ACTIVE, INACTIVE, EXPIRED
  • activated_at (DateTime): Activation timestamp
  • expires_at (DateTime): Expiration timestamp
  • settings (JSON): Module-specific settings

Relationships:

  • Belongs to Subscription
  • Belongs to Module

Payment Transaction

Purpose: Records of billing and payments

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • subscription_id (UUID): Foreign key to Subscription
  • type (Enum): CHARGE, REFUND, CREDIT, ADJUSTMENT
  • amount (Decimal): Transaction amount
  • currency (String): Currency code (MYR)
  • status (Enum): PENDING, COMPLETED, FAILED, REFUNDED
  • payment_method (String): Payment method used
  • transaction_id (String): External transaction ID
  • description (String): Transaction description
  • created_at (DateTime): Transaction creation timestamp
  • updated_at (DateTime): Last update timestamp

Relationships:

  • Belongs to Tenant
  • Belongs to Subscription

Industry-Specific Models

Retail Module

Product

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • name (String): Product name
  • sku (String): Stock keeping unit
  • description (String): Product description
  • category (String): Product category
  • price (Decimal): Product price
  • cost (Decimal): Product cost
  • stock_quantity (Integer): Current stock
  • reorder_point (Integer): Reorder threshold
  • supplier_id (UUID): Supplier reference
  • status (Enum): ACTIVE, INACTIVE, DISCONTINUED
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Sale

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • invoice_number (String): Invoice number
  • customer_id (UUID): Customer reference
  • subtotal (Decimal): Sale subtotal
  • tax (Decimal): Tax amount
  • total (Decimal): Sale total
  • payment_method (String): Payment method
  • status (Enum): PENDING, COMPLETED, REFUNDED
  • created_at (DateTime): Sale timestamp
  • updated_at (DateTime): Last update timestamp

Healthcare Module

Patient

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • medical_record_number (String): Medical record number
  • first_name (String): Patient first name
  • last_name (String): Patient last name
  • ic_number (String): Malaysian IC number
  • date_of_birth (Date): Date of birth
  • gender (Enum): MALE, FEMALE, OTHER
  • phone (String): Phone number
  • email (String): Email address
  • address (JSON): Patient address
  • blood_type (String): Blood type
  • allergies (JSON): Known allergies
  • medical_conditions (JSON): Medical conditions
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Appointment

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • patient_id (UUID): Foreign key to Patient
  • doctor_id (UUID): Foreign key to User (doctor)
  • appointment_date (DateTime): Appointment date and time
  • duration (Integer): Duration in minutes
  • status (Enum): SCHEDULED, CONFIRMED, COMPLETED, CANCELLED, NO_SHOW
  • type (Enum): CONSULTATION, FOLLOW_UP, PROCEDURE
  • notes (Text): Appointment notes
  • reminder_sent (Boolean): Reminder sent status
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Education Module

Student

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • student_id (String): Student ID
  • first_name (String): Student first name
  • last_name (String): Student last name
  • date_of_birth (Date): Date of birth
  • grade_level (String): Grade level
  • parent_id (UUID): Parent user reference
  • enrollment_date (Date): Enrollment date
  • status (Enum): ACTIVE, INACTIVE, GRADUATED)
  • emergency_contact (JSON): Emergency contact information
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Class

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • name (String): Class name
  • grade_level (String): Grade level
  • teacher_id (UUID): Teacher user reference
  • max_students (Integer): Maximum students
  • schedule (JSON): Class schedule
  • academic_year (String): Academic year
  • status (Enum): ACTIVE, INACTIVE)
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Logistics Module

Shipment

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • tracking_number (String): Tracking number
  • order_id (String): Order reference
  • sender_id (UUID): Sender reference
  • recipient_id (UUID): Recipient reference
  • origin (JSON): Origin address
  • destination (JSON): Destination address
  • weight (Decimal): Package weight
  • dimensions (JSON): Package dimensions
  • status (Enum): PENDING, IN_TRANSIT, DELIVERED, FAILED)
  • estimated_delivery (DateTime): Estimated delivery
  • actual_delivery (DateTime): Actual delivery
  • carrier (String): Shipping carrier
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Vehicle

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • plate_number (String): Vehicle plate number
  • type (String): Vehicle type
  • capacity (Decimal): Vehicle capacity
  • driver_id (UUID): Driver user reference
  • status (Enum): ACTIVE, INACTIVE, MAINTENANCE)
  • location (JSON): Current location
  • last_maintenance (Date): Last maintenance date
  • next_maintenance (Date): Next maintenance date
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Beauty Module

Client

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • first_name (String): Client first name
  • last_name (String): Client last name
  • phone (String): Phone number
  • email (String): Email address
  • date_of_birth (Date): Date of birth
  • address (JSON): Client address
  • preferences (JSON): Service preferences
  • notes (Text): Client notes
  • loyalty_points (Integer): Loyalty points
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Service

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • name (String): Service name
  • description (String): Service description
  • duration (Integer): Duration in minutes
  • price (Decimal): Service price
  • category (String): Service category
  • status (Enum): ACTIVE, INACTIVE)
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Audit & Compliance Models

AuditLog

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • user_id (UUID): Foreign key to User
  • action (String): Action performed
  • entity_type (String): Type of entity affected
  • entity_id (UUID): ID of entity affected
  • old_values (JSON): Previous values
  • new_values (JSON): New values
  • ip_address (String): User IP address
  • user_agent (String): User agent
  • timestamp (DateTime): Event timestamp

DataRetention

Fields:

  • id (UUID): Primary key
  • tenant_id (UUID): Foreign key to Tenant
  • entity_type (String): Type of data
  • entity_id (UUID): ID of entity
  • deletion_date (DateTime): Scheduled deletion date
  • status (Enum): ACTIVE, DELETED, ARCHIVED)
  • created_at (DateTime): Creation timestamp
  • updated_at (DateTime): Last update timestamp

Relationships Summary

Tenant (1) → Many Users
Tenant (1) → Many Subscriptions
Tenant (1) → Many AuditLogs
Tenant (1) → Many DataRetention

Subscription (1) → Many SubscriptionModules
Subscription (1) → Many PaymentTransactions

Module (1) → Many SubscriptionModules

User (1) → Many AuditLogs

Validation Rules

Tenant Validation

  • Name must be unique across all tenants
  • Email must be valid format
  • Phone number must follow Malaysian format
  • Business type must be one of the supported industries

User Validation

  • Email must be unique within tenant
  • Role must be valid for user's permissions
  • Password must meet security requirements

Subscription Validation

  • Plan type must match module limits
  • Billing cycle must be valid for plan type
  • Amount must match plan pricing

Data Isolation

  • All queries must include tenant_id filter
  • Foreign key relationships must respect tenant boundaries
  • Cross-tenant data access must be explicitly prevented

Compliance Requirements

PDPA 2010 Compliance

  • All personal data must be encrypted at rest
  • Data access must be logged and auditable
  • Data retention policies must be enforced
  • User consent must be obtained and recorded

Healthcare Data Protection

  • Patient data must have additional access controls
  • Medical records must have audit trails
  • Emergency access must be logged and reviewed
  • Data backup procedures must be HIPAA-compliant

Financial Data Protection

  • Payment information must be tokenized
  • Financial transactions must have audit trails
  • Access to financial data must be restricted
  • Compliance with Bank Negara Malaysia requirements