Organization Modules
Data Entity
Description
Per-tenant module toggle registry that records which functional areas (modules) are enabled for each organization. Backend is the source of truth: the API returns the enabled module set at session bootstrap, and every module-scoped endpoint checks this set before executing. Clients render navigation, home surfaces, and deep links only for enabled modules.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
id |
uuid |
Primary key identifying this organization-module toggle row | PKrequiredunique |
organization_id |
uuid |
Foreign key to the owning organization | required |
module_id |
string |
Area ID acting as the module identifier (e.g. expense-reimbursement, encrypted-assignments, certification-training). 1:1 with the canonical area taxonomy. | required |
enabled |
boolean |
Whether the module is currently active for this organization | required |
is_always_on |
boolean |
True for core modules that cannot be disabled for the owning product (e.g. authentication-access-control, admin-organization) | required |
product |
enum |
Which product surface this module belongs to | required |
dependencies |
json |
Array of module_ids this module requires; enabling implicitly enables dependencies | - |
config |
json |
Per-module configuration values (e.g. speech-to-text flag for activity-registration, receipt threshold for expense-reimbursement) | - |
enabled_at |
datetime |
Timestamp of last enable transition | - |
disabled_at |
datetime |
Timestamp of last disable transition | - |
updated_by_user_id |
uuid |
User (Org Admin or Global Admin) who last changed the toggle | - |
created_at |
datetime |
Row creation timestamp | required |
updated_at |
datetime |
Row last-update timestamp | required |
Database Indexes
idx_organization_modules_org_module
Columns: organization_id, module_id
idx_organization_modules_org_enabled
Columns: organization_id, enabled
idx_organization_modules_module_id
Columns: module_id
Validation Rules
module_id_in_area_taxonomy
error
Validation failed
unique_module_per_organization
error
Validation failed
organization_must_exist
error
Validation failed
product_matches_module
error
Validation failed
config_shape_per_module
error
Validation failed
dependencies_resolve
error
Validation failed
actor_authorized
error
Validation failed
Business Rules
always_on_modules_cannot_be_disabled
Modules flagged is_always_on=true for their product (mobile: authentication-access-control, home-navigation, accessibility, help-support, profile-management; admin: admin-dashboard, admin-user-management, admin-organization, admin-security) cannot be set to enabled=false.
dependency_auto_enable
Enabling a module whose dependencies array references other modules implicitly enables those dependencies for the same organization.
dependent_modules_block_disable
A module cannot be disabled if another enabled module for the same organization declares it as a dependency.
backend_enforces_module_gate
Module-scoped API endpoints reject calls when the caller's tenant does not have the corresponding module enabled.
sales_website_excluded
Sales website areas (sales-product, sales-calculator, sales-demo, sales-legal) MUST NOT appear in organization_modules — the sales site has no tenant or module concept.
audit_toggle_changes
Every enable/disable transition is written to audit_logs with the actor user, organization, module_id, and previous/new value.
client_renders_from_enabled_set
Clients (mobile, admin web) compose navigation and home surfaces solely from the enabled module set returned at bootstrap; disabled modules are not mounted.