One platform, infinite organizations — fully isolated by design

ArkanPM enforces tenant isolation at the PostgreSQL layer with row-level security, so every query is automatically scoped to the active tenant. Separate data, separate configurations, separate user bases — on shared infrastructure.

Tenant management view showing organizations, subscription plans, and lifecycle states

Interface preview

Application-level tenant filtering is one missing WHERE clause away from a data breach

  • 1Shared databases with application-level filtering rely on every developer remembering to scope every query — one mistake exposes every tenant.
  • 2Customizing configuration per tenant means building override tables that gradually drift from the actual product behavior.
  • 3Operating across multiple currencies and time zones requires bolt-on utilities that never quite handle edge cases consistently.
  • 4Onboarding a new organization requires manual provisioning, seeding reference data, and configuring limits across a dozen tables.
  • 5Suspending or terminating a tenant means orchestrating cleanup across every schema — and hoping you didn't miss anything.
The Solution

Arkan Multi-Tenant Architecture Capabilities

Row-level security at the database layer

PostgreSQL-enforced RLS policies scope every query to the active tenant automatically. Defense-in-depth beyond application filtering — even a misconfigured query cannot cross tenant boundaries.

RLS policies are enforced by PostgreSQL itself, not by application code — isolation survives any application-level bug.

Tenant-scoped configuration across four categories

Each organization customizes system settings across general, notifications, security, and integrations categories. Sensitive settings are flagged and handled accordingly — no global state, no cross-tenant spillover.

Localization and currency per tenant

Per-tenant timezone, locale, and currency configuration ensures the platform adapts to regional requirements. UAE-based operators get AED as the default currency with region-appropriate formatting.

Tenant provisioning and lifecycle management

Onboard new organizations with configurable subscription plans (Free, Starter, Professional, Enterprise), resource limits (max users, properties, storage), and lifecycle states (provisioning, active, suspended, archived, terminated).

Tenant status guards

Suspended tenants are automatically restricted to read-only access. Terminated or archived tenants are fully locked out. No manual intervention needed — the platform enforces status consistently across every endpoint.

Why Arkan?

Technical Comparison

See how Arkan outperforms traditional solutions

Feature
Arkan
Traditional
Tenant isolation
PostgreSQL RLS enforced at the database layer
Application-level WHERE clauses on every query
Configuration model
Tenant-scoped settings across four categories
Global config with per-tenant override tables
Currency handling
Per-tenant currency with decimal precision on all financial fields
Single platform currency with conversion workarounds
Lifecycle automation
Status-gated access with five defined lifecycle states
Manual cleanup across schemas on termination
How It Works

Simple 6-Step Process

1

Each organization is provisioned as a distinct tenant with subscription plan, resource limits, and initial admin user.

2

PostgreSQL RLS policies scope every table to the tenant ID on every query — isolation is database-enforced.

3

Tenant-scoped configuration stores settings across general, notifications, security, and integrations categories.

4

Timezone, locale, and currency are set per tenant and applied consistently across dates, numbers, and reports.

5

Tenant status (provisioning, active, suspended, archived, terminated) gates access — suspended tenants are read-only.

6

Admins can monitor and control tenants from the platform administration interface without touching the database.

Key Benefits

Measurable Impact

Isolation layer

Database-enforced RLS

PostgreSQL row-level security provides defense-in-depth beyond application filtering.

Subscription tiers

4 plans

Free, Starter, Professional, and Enterprise — configurable resource limits per tier.

Lifecycle states

5 states

Provisioning, active, suspended, archived, terminated — full lifecycle automation.

What convinced us was seeing the RLS policies in the database itself. Isolation is enforced by PostgreSQL, not by hoping every developer remembers the right WHERE clause. That's a fundamentally different level of assurance.

Chief Information Security Officer

Chief Information Security Officer

GCC Property Management Group

Built For

Who Benefits

Platform Admin

Manages tenant provisioning, status transitions, and subscription plans from a single interface.

Tenant Admin

Configures their organization's settings, localization, and currency independently of other tenants.

Security & Compliance Teams

Verify isolation with database-level RLS policies that independent auditors can inspect.

Works seamlessly with other ArkanPM modules

Multi-Tenant Architecture integrates with Role-Based & Attribute-Based Access Control, Audit Trail & Compliance, Unified Portfolio Hierarchy and more for a complete property management platform.

Ready to Get Started with Multi-Tenant Architecture?

See how multi-tenant architecture can transform your property operations.

Bilingual EN / ARExpert implementationAll 16 modules

Related Features

Explore other features that work great with Multi-Tenant Architecture

Role-Based & Attribute-Based Access Control

RBAC and ABAC operate within tenant-isolated boundaries enforced at the database layer.

Learn More

Audit Trail & Compliance

Audit logs are tenant-scoped and preserve every action with full before/after state.

Learn More

Unified Portfolio Hierarchy

Every portfolio, building, and unit exists within a single tenant's isolated data boundary.

Learn More