2.1 KiB
2.1 KiB
Data Model — Workspace-first Navigation & Monitoring Hub (077)
Date: 2026-02-06
Spec: specs/077-workspace-nav-monitoring-hub/spec.md
This feature is primarily information architecture + context enforcement. No new tables are required; the design depends on existing entities and their relationships.
Entities
Workspace
Represents a portfolio / customer container (primary context).
- Key fields (existing, relevant):
idnameslug(optional)archived_at(nullable)
WorkspaceMembership
Entitlement relationship between a user and a workspace.
- Key fields (existing, relevant):
workspace_iduser_idrole(e.g. owner/operator/etc; actual role semantics are managed by the capability resolver)
Tenant (Managed Tenant)
Represents a Microsoft/Intune tenant belonging to a workspace (secondary context via Filament tenancy).
- Key fields (existing, relevant):
idworkspace_id(foreign key to Workspace)external_id(used in Filament tenancy route/admin/t/{tenant})status(e.g., active)
OperationRun
Canonical monitoring record (workspace-level entity; may optionally be linked to a tenant).
- Key fields (existing, relevant):
idworkspace_id(required for access control)tenant_id(nullable; used for default filtering and “recent operations”)type,status,outcome- timestamps (created/started/completed)
context(JSON)
Relationships
- Workspace has many WorkspaceMemberships.
- Workspace has many Tenants.
- Workspace has many OperationRuns.
- Tenant belongs to Workspace.
- OperationRun belongs to Workspace.
- OperationRun optionally belongs to Tenant.
Invariants / Rules enforced by this feature
- Workspace context (
current_workspace_id) is required for workspace-scoped navigation and access control. - Tenant context must be consistent with workspace context:
- If tenant is not in current workspace, tenant context is cleared (continue tenantless).
- OperationRun access is controlled by membership in the run’s
workspace_id.