Enforce Organization Data Isolation
## Problem statement Organizations must be [isolated](https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/organization/isolation/): this means all data and functionality across GitLab can never cross an Organization boundary. This epic concerns itself with the delineation of an Organization boundary at the data level and the enforcement of this boundary across all parts of GitLab. ![image](https://gitlab.com/-/group/9970/uploads/47a21e9d40363413d2ca4e7c878e6510/image.png) ## How this will work Organization Data Isolation is accomplished by three different features: - [Organization Isolation Context](https://gitlab.com/groups/gitlab-org/-/work_items/18055): the application knows to what organization a request (api call, web request) belongs. - [Organization Isolation State Tracking](https://gitlab.com/groups/gitlab-org/-/work_items/20979): the application knows that an organization is isolated: it does not have references to other organizations (similar to GitLab Dedicated) - [Organization Isolation Enforcement](https://gitlab.com/groups/gitlab-org/-/work_items/11838): the application prevents creating, reading or updating data related to other organizations These three features work together: We need to know **which** organization the user wants to access and we need to know the **state** of that organization (isolated or not). Based on that, we can **enforce** data isolation. ## FY26Q3 - Deem a top-level group as being in an isolated state. - Enforce isolation on that top-level group to maintain state integrity. - Unsupported Organization actions will invalidate the isolation state. - Enforce isolation on that Organization. The following secondary targets will also be in place: - Organization scoped paths: All necessary paths that don't define an Organization Context within the path, params, or headers will be modified to do so. ## Exit criteria - All execution paths will be isolated within an Organization context. - All database tables will be sharded - Organization data isolation will be validated and enforced to a level that satisfies the ProtoCells exit criteria ## DRI @rutgerwessels ## Links - https://gitlab.com/gitlab-org/gitlab/-/merge_requests/184361+ <!-- STATUS NOTE START --> ## Status 2026-07-09 :clock1: **total hours spent this week by all contributors**: 20 :tada: **achievements**: - Organizatin context: We were lacking organizaion context in our Rest API. The rason is that we need a manual change in all API's. Until now. https://gitlab.com/gitlab-org/gitlab/-/work_items/558544+ was succesfully rolled out and improved automatically setting the correct Organization for a given context. This greatly increased the number of API requests that are scoped to an organization. :arrow_forward: **next**: - Improve documention for Organization Isolation - Discussion around Cron Workers https://gitlab.com/gitlab-org/gitlab/-/work_items/599101+ _Copied from https://gitlab.com/groups/gitlab-org/-/epics/17388#note_3539105324_ <!-- STATUS NOTE END -->
epic