SaaS
OrderBind Multi-Tenant SaaS
A multi-tenant order platform with RLS-enforced isolation, role-based admin, audit logging, and credit-based usage metering, built across 50+ migrations.
50+ migrations · RLS enforced
How it came together
The setup
Small ops teams were running orders, customers, and procurement out of separate tools, and could not justify enterprise pricing for an ERP.
The challenge
Build tenant isolation strong enough to survive a hostile tenant, without a service-per-tenant deployment pipeline.
Scale
Multi-tenant SaaS with super admin / admin / member roles, credit-metered usage, and audit logs across 50+ schema migrations.
The hard parts
Non-negotiables
- Tenant data must never leak, even if app code has a bug
- Credit metering accurate to the action
- Audit logs that survive admin actions
Trade-offs we made
- 50+ migrations and counting. Chose forward-only over rebasing history. Slower to read, but every prod schema state is reproducible.
- Skipped per-tenant subdomains in v1. Path-based routing was enough to ship.
Calls I made
RLS, not application checks
Every table has a row-level security policy keyed on tenant id. App-layer code that forgets the filter still cannot leak data.
Credits as RPCs
Metered actions go through Supabase RPCs that check and decrement credits in the same transaction, so there is no race window between the balance check and the decrement.
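The two calls above (RLS keyed on tenant id, and check-and-decrement in one transaction) as an added Postgres/Supabase example; this is constructed illustration, not OrderBind's own schema. It assumes the caller's tenant id is carried in the JWT under app_metadata.tenant_id (a hypothetical claim layout) and that the RPC runs as the caller, so the same policies apply inside it.

```sql
-- Constructed example. Assumes Supabase-style JWT claims exposed via
-- request.jwt.claims, with app_metadata.tenant_id as the caller's tenant (hypothetical).
create or replace function app_tenant_id() returns uuid
language sql stable as $$
  select nullif(
    current_setting('request.jwt.claims', true)::jsonb
      -> 'app_metadata' ->> 'tenant_id', '')::uuid
$$;

create table orders (
  id          uuid primary key default gen_random_uuid(),
  tenant_id   uuid not null default app_tenant_id(),
  total_cents integer not null check (total_cents >= 0)
);

-- Enable and FORCE row-level security so even the table owner is subject to policies.
alter table orders enable row level security;
alter table orders force row level security;

-- One policy for all commands: a row is readable or writable only when its tenant_id
-- matches the caller's tenant. WITH CHECK also blocks inserts/updates that would place
-- a row under another tenant, even if application code forgets the filter entirely.
create policy orders_tenant_isolation on orders
  for all using (tenant_id = app_tenant_id())
  with check (tenant_id = app_tenant_id());

-- Credit metering: balance can never go negative at the schema level.
create table tenant_credits (
  tenant_id uuid primary key,
  balance   integer not null check (balance >= 0)
);
alter table tenant_credits enable row level security;
alter table tenant_credits force row level security;
create policy credits_tenant_isolation on tenant_credits
  for all using (tenant_id = app_tenant_id()) with check (tenant_id = app_tenant_id());

-- RPC: check and decrement in a single statement inside the call's transaction.
create or replace function spend_credits(cost integer) returns integer
language plpgsql security invoker as $$
declare remaining integer;
begin
  if cost <= 0 then raise exception 'cost must be positive'; end if;
  -- The guard lives in WHERE: the UPDATE takes the row lock and re-evaluates
  -- balance >= cost under that lock, so two concurrent callers cannot both pass.
  update tenant_credits
     set balance = balance - cost
   where tenant_id = app_tenant_id() and balance >= cost
   returning balance into remaining;
  if remaining is null then raise exception 'insufficient credits'; end if;
  return remaining;
end $$;
```

FORCE makes the owner subject to the policies, but superusers and roles with BYPASSRLS (Supabase's service role among them) still skip them, so keys for those roles must never reach tenant-facing code paths.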
