Audit and Validate Cross-Organization RLS Policy Coverage for Multi-Membership Users
The Membership RLS Policy Configuration is a critical security boundary in the multi-membership architecture. Cross-organization queries are required exclusively for duplicate detection, and any misconfiguration of these policies could expose one organization's data to another organization's administrators, which would be a GDPR violation. The Global Administrator must be able to review the active RLS policy definitions, verify that the deduplication service's database role holds only the narrowly scoped permissions it needs, and confirm that no other query path can reach cross-organization activity data. This is an audit and verification capability, not a policy editing capability: policy changes go through a separate deployment review process.
User Story
Acceptance Criteria
- Given a Global Administrator navigates to the RLS policy audit view in the admin portal, when the view loads, then the active policies for the user_organization_memberships and related tables are displayed in a human-readable format
- Given the RLS audit view is open, when the Global Administrator reviews the deduplication service's policy scope, then it is clearly documented which tables and columns the deduplication role can access and under what conditions
- Given the Global Administrator runs a policy validation check, when the check completes, then it confirms that no Organization Administrator role can query activity data belonging to a different organization, including rows for users who hold memberships in more than one organization
- Given the RLS policy audit shows a misconfiguration or unexpected permission scope, when the issue is detected, then the system raises an alert to the Global Administrator with the affected policy name and recommended remediation steps
- Given a Global Administrator reviews the cross-org access log, when they filter by the deduplication service role, then only deduplication-related queries are present — confirming no other service is leveraging the elevated cross-org permissions
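The audit and validation criteria above map onto concrete catalog queries in PostgreSQL. The following is an added example written for this page, not code from the project; it assumes a PostgreSQL deployment, a table user_organization_memberships with an organization_id column, an org_admin role whose current organization is supplied by the application connection layer in the session setting app.current_org_id, and a dedup_service role. Only the table name appears on the page; every other identifier is an assumption for illustration.

```sql
-- Added example, not part of the original page or its project.
-- Assumed names: org_admin, dedup_service, organization_id, email_hash,
-- app.current_org_id. Only user_organization_memberships comes from the page.

-- 1. Reference shape of the policies being audited (for comparison).
ALTER TABLE user_organization_memberships ENABLE ROW LEVEL SECURITY;
-- FORCE so that the table owner is not silently exempt from the policies.
ALTER TABLE user_organization_memberships FORCE ROW LEVEL SECURITY;

-- Organization Administrators see only their own organization's rows.
CREATE POLICY org_isolation ON user_organization_memberships
    FOR ALL TO org_admin
    USING (organization_id = current_setting('app.current_org_id', true)::uuid);

-- The deduplication role may read across organizations, but only the
-- columns it needs; column scope is enforced by GRANT, not by the policy.
CREATE POLICY dedup_cross_org_read ON user_organization_memberships
    FOR SELECT TO dedup_service
    USING (true);
GRANT SELECT (user_id, organization_id, email_hash)
    ON user_organization_memberships TO dedup_service;

-- 2. Audit view: the active policies in readable form (criterion 1).
SELECT tablename, policyname, permissive, roles, cmd,
       qual AS using_expr, with_check
FROM pg_policies
WHERE tablename = 'user_organization_memberships'
ORDER BY policyname;

-- RLS must be both enabled and forced; either flag false is a finding.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class
WHERE relname = 'user_organization_memberships';

-- 3. Scope of the deduplication role (criterion 2): which columns it can
-- read, and that it cannot bypass RLS outright.
SELECT table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE grantee = 'dedup_service'
ORDER BY table_name, column_name;

SELECT rolname, rolsuper, rolbypassrls, rolcanlogin
FROM pg_roles
WHERE rolname = 'dedup_service';
-- Expected: rolsuper = false, rolbypassrls = false.

-- 4. Validation (criteria 3 and 4): permissive policies are OR'ed together,
-- so a single unrestricted permissive policy for any role other than
-- dedup_service (or for PUBLIC) voids org_isolation for that role.
SELECT tablename, policyname, roles
FROM pg_policies
WHERE tablename = 'user_organization_memberships'
  AND permissive = 'PERMISSIVE'
  AND qual = 'true'
  AND roles <> '{dedup_service}'::name[];
-- Any row returned is a misconfiguration to alert on, with policyname.

-- 5. Behavioural check as an Organization Administrator: must return 0.
SET ROLE org_admin;
SET app.current_org_id = '00000000-0000-0000-0000-000000000001';
SELECT count(*) AS leaked_rows
FROM user_organization_memberships
WHERE organization_id <> current_setting('app.current_org_id')::uuid;
RESET ROLE;
```

Two caveats a reviewer should keep in mind when reading the results. First, the behavioural check only proves isolation if app.current_org_id is set by the application's connection layer and the org_admin role cannot run SET itself; if administrators execute arbitrary SQL under that role, the session variable is attacker-controlled and the policy is not a boundary. Second, the catalog queries cover the membership table only; the same checks must be repeated for every activity table that carries organization_id, since a policy that is correct on one table says nothing about the others.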
Business Value
GDPR compliance requires demonstrable data isolation between organizations. A documented, auditable RLS policy for cross-organization membership queries gives Global Administrators the evidence needed to respond to data protection inquiries, prevents unintended organizational data leakage, and ensures the multi-membership feature's security model can withstand regulatory scrutiny.
Components
- Membership RLS Policy Configuration (infrastructure)
- Membership Repository (data)
- Membership Service (service)