Organization
Data Entity
Description
A tenant organization on the Meander platform (e.g. NHF, Blindeforbundet, HLF, Barnekreftforeningen). Acts as the primary multi-tenancy boundary: all operational data — users, activities, contacts, reports, configuration — is scoped to an organization. Each organization independently configures its enabled module set, terminology overrides, and access control policies.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
id |
uuid |
Primary key, globally unique organization identifier | PKrequiredunique |
name |
string |
Official display name of the organization (e.g. 'Norges Blindeforbund') | requiredunique |
slug |
string |
URL-safe unique identifier derived from name, used in API paths and internal references | requiredunique |
org_type |
enum |
Classification of the organization's role on the platform | required |
status |
enum |
Lifecycle status of the organization | required |
contact_email |
string |
Primary administrative contact email for the organization | required |
contact_phone |
string |
Primary phone number for the organization | - |
country_code |
string |
ISO 3166-1 alpha-2 country code (default 'NO' for Norway) | required |
locale |
string |
Default locale for the organization (e.g. 'nb-NO', 'nn-NO', 'en-US') | required |
bufdir_id |
string |
Organization's official Bufdir grant recipient identifier, used in compliance report generation | unique |
organization_number |
string |
Norwegian Brønnøysund organization number (9 digits) | unique |
enabled_modules |
json |
Array of area IDs representing which modules are toggled on for this organization. Backend source of truth for feature availability. Example: ['expense-reimbursement', 'encrypted-assignments'] | required |
support_access_until |
datetime |
Expiry timestamp for time-bounded Global Admin support access. Null means no support access granted. | - |
logo_url |
string |
URL to the organization's logo asset (used in admin portal and emails) | - |
primary_color |
string |
Hex color code for optional org-level branding override | - |
exclude_from_bufdir_reporting |
boolean |
When true, data from this organization is excluded from Bufdir exports (used for test organizations like Norse Test Organization) | required |
max_users |
integer |
Soft cap on the number of active users for this organization (0 = unlimited) | required |
onboarded_at |
datetime |
Timestamp when the organization was formally activated on the platform | - |
created_at |
datetime |
Record creation timestamp | required |
updated_at |
datetime |
Last modification timestamp | required |
deleted_at |
datetime |
Soft-delete timestamp; null means active | - |
Database Indexes
idx_organizations_slug
Columns: slug
idx_organizations_status
Columns: status
idx_organizations_bufdir_id
Columns: bufdir_id
idx_organizations_org_type
Columns: org_type
idx_organizations_deleted_at
Columns: deleted_at
idx_organizations_support_access_until
Columns: support_access_until
Validation Rules
name_min_length
error
Validation failed
slug_format
error
Validation failed
contact_email_valid
error
Validation failed
bufdir_id_uniqueness
error
Validation failed
organization_number_format
error
Validation failed
support_access_future_date
error
Validation failed
enabled_modules_valid_ids
error
Validation failed
primary_color_hex_format
error
Validation failed
country_code_iso
error
Validation failed
Business Rules
tenant_data_isolation
All queries against operational data tables (users, activities, contacts, expenses, assignments, etc.) MUST include an organization_id filter matching the authenticated user's organization. Cross-tenant reads are forbidden except for Global Admins with active support access.
module_toggle_backend_authority
The enabled_modules field is the authoritative source for feature availability. Every API endpoint belonging to a toggled module must check enabled_modules for the requesting user's organization before executing. Client-side module state is derived from the bootstrap response and is never authoritative.
always_on_modules_non_removable
The following module IDs may never be removed from enabled_modules for any organization: authentication-access-control, home-navigation, accessibility, help-support, profile-management (mobile); admin-dashboard, admin-user-management, admin-organization, admin-security (admin portal). Attempts to disable these must be rejected.
support_access_time_bound
Global Admins may only access an organization's operational data when support_access_until is set and has not expired. Every support access session must be logged in the org's audit trail. When support_access_until passes or is cleared, access is revoked immediately.
test_org_excluded_from_bufdir
Organizations with org_type='test' or exclude_from_bufdir_reporting=true must never appear in Bufdir exports or compliance reports.
soft_delete_cascades_suspension
When an organization is soft-deleted (deleted_at set) or status set to 'offboarded', all active user sessions for that organization must be invalidated and the organization must become invisible to all clients.
unique_slug_immutable
Organization slug is set once at creation and may never be changed. It is used as a stable reference in API paths and external integrations.
module_dependency_resolution
When enabling a module that depends on another module (declared in the module registry), the dependency module must also be enabled. The admin UI must surface this dependency rather than failing silently at runtime.