Capabilities

Tenancy & Security

Fail-closed multi-tenancy and declarative authorization — the WHERE clause you can't forget, the auth check that can't ship missing.

The two most expensive one-line bugs in SaaS are a missing tenant filter and a missing auth check. Relay’s answer to both is the same philosophy: fail closed — the safe behavior is the default and the unsafe one must be declared.

What ships (tenancy): tenant resolution and enforcement in the pipeline, [TenantScoped] / [GlobalOperation] postures, and storage isolation modes to match your scale: shared tables with row-level security, schema-per-tenant, or database-per-tenant.

What ships (authorization): declarative message-level policies — [AllowAnonymous], [RequireRole], [RequirePermission], [RequireClaim], [RequirePolicy], and custom IAuthorizationPolicy implementations. A message with no posture stops the host at startup; an open endpoint is a decision, never an accident.

The stories behind it: The Tenant Who Saw Someone Else’s Data and The Auth Check Everyone Forgot.

Learn by building

The tutorials for this area, in order — each with a runnable sample.