Minctrl Docs
Concepts

Multi-tenancy

How Minctrl isolates data by company — every resource is company-scoped, so you only ever see your own templates, connectors, runs, and audit trail.

Minctrl is multi-tenant with company-scoped isolation: every resource belongs to a company (a tenant), and the caller only ever sees resources that belong to their company. There is no cross-company read, ever.

Company as the tenant boundary

When you register, Minctrl auto-creates a company and makes you its first member. From then on, your bearer token identifies both you and your company, and the company is the isolation boundary for everything you touch:

  • Connectors — bound tool-ids are private to your company.
  • Runs — process runs, their parked state, and verdicts are company-scoped.
  • Drafts & templates — authored drafts belong to your company; the shared 45 governed templates are read-only catalog entries.
  • Kanban, wiki, analytics — all filtered to your company.
  • Audit trail — the tamper-evident record is per-company.

Members and roles

A company has members with roles (owner / admin / manager / member). Roles govern what a user can do within their company — they never widen the tenant boundary. You manage the team through the members and invitations endpoints:

# who's in my company
curl -s "$API/companies/{company_id}/members" \
  -H "Authorization: Bearer $TOKEN"

What this means in practice

  • You never pass a company id to "scope" a read — scoping is implicit from your token. Requests that would reach another company's data return 404, not someone else's row.
  • Two companies can bind the same tool-id to completely different endpoints; the connectors never collide because they live in separate tenants.
  • A run started in one company is invisible to every other company, including its parked state and audit entries.

Because isolation is enforced from the token, there is no "tenant" parameter to get wrong. The security property — you only ever see your own data — holds regardless of which endpoint you call.

See the Companies and Members reference for the full tenant-management surface.

On this page