How would you implement access control for address data in a multi-tenant system?

• A. Use a global admin role with full access for all tenants.
• B. Implement field-level encryption only.
• C. Rely on application-level checks only.
• D. Tenant-scoped RBAC, enforce at service and DB layers, and ensure data isolation and tenant-aware auditing.

Answer: (D)

Access control in a multi-tenant system must consistently enforce who can access which address data across all layers, while ensuring tenants stay isolated and activities are auditable. Tenant-scoped RBAC defines roles per tenant and binds permissions to those roles, so a user’s access aligns with their tenant’s policies. Enforcing these rules at both the service layer and the database layer creates defense in depth: no matter how data is accessed—through APIs, internal services, or direct queries—the same checks apply. Data isolation ensures tenants cannot read each other’s data, and tenant-aware auditing records access with the correct tenant context for accountability. This approach provides least privilege, strong separation, and clear traceability, which are critical in multi-tenant environments.

Global admin with full access undermines isolation and defeats least-privilege principles. Field-level encryption protects data at rest but doesn’t enforce who can access data at runtime and can still leave decryption rights exposed. Relying on application-level checks only can be bypassed or implemented inconsistently, whereas enforcing at multiple layers with proper tenancy context prevents gaps and strengthens security.