#Multi-tenancy

Full Chinese version: /guide/core/multi-tenancy.

#Four isolation levels

#Config

[summer-sharding]
enabled = true

[summer-sharding.tenant]
default_isolation = "shared_row"
enabled = true
tenant_id_source = "request_extension"   # injected by summer-auth

[summer-sharding.tenant.row_level]
column_name = "tenant_id"
strategy = "sql_rewrite"   # sql_rewrite | rls

#How rewriting works

Business code stays plain SeaORM:

SysUser::find().filter(SysUser::Column::Username.eq("alice")).all(db).await?;

The plugin pipeline parses the prepared SQL, injects the tenant context, and emits the rewritten SQL transparently. Business code stays agnostic.

#Verification

-- watch SQL hitting the DB
SELECT query FROM pg_stat_activity WHERE state = 'active' AND query ILIKE '%user%';
-- you'll see ... AND tenant_id = $N appended

Or enable SeaORM logging:

[sea-orm]
enable_logging = true

#Capabilities included

• encrypt/ — column-level encryption before persisting
• masking/ — output masking by rule (phone, ID, email)
• shadow/ — mirror traffic to a shadow DB
• audit/ — pluggable SqlAuditor hooks
• cdc/ — Postgres logical replication (pgwire-replication)
• migration/ — assist in moving tenants between isolation modes
• ddl/ — DDL fan-out across tenants

#Tables shared across tenants

Add to ignore list:

[summer-sharding.tenant]
ignore_tables = ["sys.dict_type", "sys.dict_data", "sys.config"]

#Source files

• crates/summer-sharding/src/{config,tenant,rewrite,encrypt,masking,cdc,migration,ddl}/
• crates/summer-sql-rewrite/src/