Organisations and tenants

QAudit uses a two-level identity model: organisations and tenants. Understanding the distinction helps explain how signing keys, access control, and data isolation work.

Organisations

An organisation is the entity that contracts with Serensia for the QAudit service. It is the top-level entity in QAudit's identity model and the primary scope through which end users interact with the platform:

  • The dashboard is branded for the organisation and shows data across all its tenants.
  • Reports and notifications are addressed to the organisation's users.
  • Authentication is handled through the organisation's own identity provider — QAudit holds an OIDC configuration pointing at the organisation's IdP; it does not manage identity itself.
  • Signing is scoped to the organisation: all events stored under an organisation are signed with the same Ed25519 key.

Tenants

A tenant is a scoped partition of data within an organisation, identified by a tenant_id. Every event stored by QAudit is assigned to exactly one tenant.

Data is always organised per tenant because at the scale QAudit is designed for — where a single organisation may have hundreds of thousands of downstream customers — serialising all writes through a single chain would be a bottleneck. Each tenant has its own independent hash chain, so ingestion across tenants is fully parallel.

Two deployment patterns

The two-level model accommodates two common ways organisations use QAudit.

Direct customer

A direct customer is an organisation that owns and operates its own data. In this configuration:

  • There is typically one tenant corresponding to the organisation itself.
  • All events belong to that single tenant.
  • The dashboard shows that tenant's data directly.

Platform operator

A platform operator is an organisation that has integrated Quadient products — such as PA, SIG, or other Quadient services — into its own offering. QAudit gives that operator observability over the service's behaviour across their customer base. In this configuration:

  • Each of the operator's downstream customers is a separate tenant.
  • The operator's dashboard shows aggregated KPIs across all tenants.
  • Per-tenant drill-down is available in-app for audit and incident workflows.

Signing keys and tenants

A single signing key covers all tenants under one organisation. The key is managed by QAudit's key management system and the private component never leaves it.

When the platform rotates a signing key, events previously signed under the old key remain verifiable against it. See Signing and integrity for the full key model.
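
The sketch below is an added example, not QAudit code: it models the per-tenant hash chains from the Tenants section and the organisation-wide Ed25519 key described here, and checks that an event signed before a rotation still verifies while the old public key is retained. The event layout, the SHA-256 digest construction, the key ids (k1, k2) and the function names are all assumptions, since this page does not specify them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Event struct { // assumed record layout; the page does not give QAudit's schema
	Tenant, KeyID, Payload string
	Prev, Hash, Sig        []byte
}

func digest(e Event) []byte { // length-prefixed fields, then the previous hash (assumed)
	s := sha256.Sum256([]byte(fmt.Sprintf("%d:%s|%d:%s|%x", len(e.Tenant), e.Tenant, len(e.Payload), e.Payload, e.Prev)))
	return s[:]
}

// Append links an event to its own tenant's chain head and signs it with the org key.
func Append(chain []Event, keyID string, priv ed25519.PrivateKey, tenant, payload string) []Event {
	e := Event{Tenant: tenant, KeyID: keyID, Payload: payload}
	if len(chain) > 0 {
		e.Prev = chain[len(chain)-1].Hash
	}
	e.Hash = digest(e)
	e.Sig = ed25519.Sign(priv, e.Hash)
	return append(chain, e)
}

// Verify returns the index of the first invalid event, or -1 if the chain is intact.
func Verify(chain []Event, tenant string, keys map[string]ed25519.PublicKey) int {
	var prev []byte
	for i, e := range chain {
		pub, ok := keys[e.KeyID] // look up the key the event was signed under
		if !ok || e.Tenant != tenant || !bytes.Equal(e.Prev, prev) ||
			!bytes.Equal(e.Hash, digest(e)) || !ed25519.Verify(pub, e.Hash, e.Sig) {
			return i
		}
		prev = e.Hash
	}
	return -1
}

func main() {
	p1, s1, _ := ed25519.GenerateKey(nil) // constructed keys; k2 replaces k1 on rotation
	p2, s2, _ := ed25519.GenerateKey(nil)
	c := Append(Append(nil, "k1", s1, "tenant-a", "doc.sent"), "k2", s2, "tenant-a", "doc.signed")
	fmt.Println(Verify(c, "tenant-a", map[string]ed25519.PublicKey{"k1": p1, "k2": p2})) // prints -1
}
```

Dropping k1 from the key map makes Verify report index 0, which is why retired public keys have to stay available to verifiers. Because Append only reads the head of the chain it is given, chains for different tenants can be extended concurrently without coordination.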

Roles

Tentative

This section reflects the planned role model and may evolve before general availability. Role names, boundaries, and capabilities described here are subject to change.

QAudit uses a role-based access control model. Roles are assigned to users within an organisation and determine which parts of the dashboard they can access.

CLIENT_BUSINESS

The primary role for business-side users — operations managers, compliance officers, and KPI owners.

Typical capabilities:

  • View KPI dashboards and history.
  • Download evidence packs.
  • View the event explorer (read-only).
  • Subscribe to periodic reports.

Cannot:

  • Access tenant configuration.
  • Assign roles to other users.

CLIENT_IT

The role for technical integrators and IT administrators within the organisation.

Typical capabilities:

  • Everything CLIENT_BUSINESS can do.
  • View signing key information (public key, rotation history).
  • Manage tenant configuration (event type mappings, KPI definitions).
  • Access API credentials and manage emitter registrations.

AUDITOR

A read-only role for external auditors granted temporary or periodic access.

Typical capabilities:

  • View KPI values and their settlement state.
  • Download evidence packs.
  • View the event explorer in read-only mode.
  • Access chain integrity status.

Cannot:

  • Access user management or configuration.

Role assignment

User accounts are provisioned through the organisation's own identity provider — QAudit does not create accounts. Roles are assigned to existing users by the organisation administrator through the dashboard. There is no self-service role escalation. A user holds one role per organisation.