Multi-Tenancy: Build It In or Bolt It On?
Multi-tenancy is the difference between a tool for individuals and a platform for teams. It's also one of the hardest features to retrofit into an existing application.
When users belong to organizations, everything changes: data isolation, billing, permissions, invitations, workspace switching. Get it wrong and you leak data between tenants. Get it right and your SaaS scales from 1 user to 1,000 organizations without architectural changes.
Three boilerplates take multi-tenancy seriously from day one: Supastarter, Volca, and Bedrock. Each approaches the problem differently.
TL;DR
Supastarter ($299-$349) has the most complete multi-tenancy with organizations, member management, RBAC, per-org billing, and workspace switching — supporting both Next.js and Nuxt. Volca ($149-$399) focuses on multi-tenant project workspaces with clean data isolation. Bedrock ($395-$995) targets enterprise with advanced RBAC, audit logs, and SOC 2 compliance patterns. Choose Supastarter for the best all-around multi-tenancy. Choose Bedrock for enterprise compliance.
Key Takeaways
- All three handle the basics — organizations, member invites, data scoping. The differences are in depth and edge cases.
- Supastarter's multi-tenancy is the most complete — org switching, per-org billing, RBAC, invitations with role assignment, and a clean tenant context throughout the app.
- Bedrock targets enterprise with audit logs, SOC 2 patterns, and granular permissions. If compliance matters, Bedrock is the choice.
- Volca uses a "project" model instead of "organizations" — similar concept, different UX (think Vercel's project-based navigation).
- Data isolation approach matters. All three use row-level isolation (shared database, filtered queries). None uses schema-level or database-level isolation.
- Adding multi-tenancy later is painful. Every database query needs tenant scoping. Every route needs org context. Every permission check needs org awareness. Start with it.
Multi-Tenancy Architecture
Data Isolation Approaches
All three boilerplates use shared database with row-level isolation:
┌─────────────────────────────────┐
│ Shared PostgreSQL Database │
│ ┌─────────┬─────────┬────────┐ │
│ │ Org A │ Org B │ Org C │ │
│ │ data │ data │ data │ │
│ │ (org_id │ (org_id │ (org_id│ │
│ │ = 1) │ = 2) │ = 3) │ │
│ └─────────┴─────────┴────────┘ │
└─────────────────────────────────┘
Every table that stores tenant data has an org_id column. Every query filters by the current tenant's ID. This is the most common approach for SaaS because it's simple to manage and scales well.
The risk: A missing WHERE org_id = ? clause leaks data between tenants. The boilerplates mitigate this differently:
-
Supastarter: Middleware sets the tenant context. All database queries use Prisma's
whereclause with the current org ID. - Volca: Project-scoped middleware filters all queries through the current project context.
- Bedrock: Uses Prisma middleware to automatically add org_id filtering to every query — harder to accidentally bypass.
Organization Model Comparison
| Feature | Supastarter | Volca | Bedrock |
|---|---|---|---|
| Entity name | Organization | Project | Team/Organization |
| URL pattern | /org/{slug}/... |
/project/{id}/... |
/team/{slug}/... |
| Workspace switching | ✅ Dropdown | ✅ Dropdown | ✅ Dropdown |
| Personal workspace | ✅ Default org | ⚠️ Optional | ✅ Default team |
| Nested orgs | ❌ | ❌ | ❌ |
| Org-level settings | ✅ Full | ✅ Basic | ✅ Full |
| Custom domains | ❌ | ❌ | ⚠️ Manual |
| Org creation limit | ✅ Configurable | ✅ Plan-based | ✅ Configurable |
Member Management
| Feature | Supastarter | Volca | Bedrock |
|---|---|---|---|
| Email invitations | ✅ With role | ✅ Basic | ✅ With role |
| Invite links | ✅ | ❌ | ✅ |
| Pending invites list | ✅ | ✅ | ✅ |
| Revoke invitation | ✅ | ✅ | ✅ |
| Member removal | ✅ | ✅ | ✅ |
| Role assignment | ✅ Multiple roles | ⚠️ Basic roles | ✅ Granular |
| Transfer ownership | ✅ | ❌ | ✅ |
| Member limit per org | ✅ Plan-based | ✅ Plan-based | ✅ Plan-based |
Role-Based Access Control (RBAC)
| Feature | Supastarter | Volca | Bedrock |
|---|---|---|---|
| Default roles | Owner, Admin, Member | Owner, Member | Owner, Admin, Member, Viewer |
| Custom roles | ⚠️ Code-defined | ❌ | ✅ Admin-defined |
| Permission granularity | Feature-level | Role-level | Action-level |
| UI permission guards | ✅ Components | ✅ Basic | ✅ Components + hooks |
| API permission guards | ✅ Middleware | ✅ Middleware | ✅ Middleware + decorators |
| Audit logs | ❌ | ❌ | ✅ Built-in |
Bedrock's RBAC is the most sophisticated. Permissions are action-level (e.g., project:create, member:invite, billing:manage), and custom roles can be created by team admins through the UI. Audit logs track who did what, when — critical for enterprise compliance.
Supastarter's RBAC is practical for most B2B SaaS. Feature-level permissions (can this role access billing? Can they manage members?) cover 90% of use cases without the complexity of action-level granularity.
Billing in Multi-Tenant Context
| Feature | Supastarter | Volca | Bedrock |
|---|---|---|---|
| Per-org billing | ✅ | ✅ | ✅ |
| Per-user billing | ✅ | ❌ | ✅ |
| Per-seat pricing | ✅ Auto-count | ❌ | ✅ Auto-count |
| Org plan limits | ✅ Members, features | ✅ Projects, storage | ✅ Members, features, usage |
| Free tier per org | ✅ | ✅ | ✅ |
| Trial per org | ✅ | ✅ | ✅ |
| Billing admin role | ✅ | ❌ (owner only) | ✅ |
The key question: who pays — the user or the organization?
- Per-user billing (Slack model): Each user has their own subscription. Simpler but limits team features.
- Per-org billing (GitHub model): The organization subscribes. Members are added/removed. The subscription quantity adjusts.
- Per-seat billing (Atlassian model): The organization pays per active member. Adding a team member automatically increases the bill.
Supastarter and Bedrock support all three models. Volca supports per-org billing only.
Implementation Quality
Data Isolation Testing
| Test | Supastarter | Volca | Bedrock |
|---|---|---|---|
| Cross-tenant query protection | ✅ Middleware | ✅ Middleware | ✅ Prisma middleware |
| API endpoint isolation tests | ⚠️ Manual | ⚠️ Manual | ✅ Automated |
| Webhook tenant resolution | ✅ | ✅ | ✅ |
| File upload isolation | ⚠️ Manual path scoping | ⚠️ Manual | ✅ Tenant-scoped buckets |
| Search isolation | ✅ Scoped | ✅ Scoped | ✅ Scoped |
Bedrock's automated cross-tenant testing is notable. Test suites verify that User A in Org A cannot access Org B's data through any API endpoint. This is the kind of security testing that enterprise customers audit for.
Migration from Single-Tenant
If your boilerplate doesn't include multi-tenancy, adding it later requires:
- Adding
org_idto every tenant-scoped table (migration) - Backfilling
org_idfor existing data (data migration) - Adding
WHERE org_id = ?to every query (code changes across entire codebase) - Adding org context to every route (middleware)
- Building the invitation/member management UI (new feature)
- Updating billing to support per-org subscriptions (billing refactor)
- Testing for data leakage across every endpoint (security audit)
Estimated time: 3-6 weeks for a moderately complex SaaS. This is why starting with multi-tenancy matters.
Pricing
| Boilerplate | Price | Multi-tenancy tier |
|---|---|---|
| Supastarter | $299-$349 (one-time) | All tiers |
| Volca | $149-$399 (one-time) | All tiers |
| Bedrock | $395-$995 (one-time) | All tiers |
Bedrock is the most expensive but includes enterprise features (audit logs, compliance patterns) that the others don't. Volca is cheapest but has the simplest multi-tenancy. Supastarter offers the best value — comprehensive multi-tenancy at a mid-range price.
When to Choose Each
Choose Supastarter If:
- You need solid multi-tenancy without enterprise complexity — org management, RBAC, per-org billing
- Multi-framework support matters — Next.js and Nuxt variants available
- Per-seat billing is important — automatic seat counting and subscription adjustments
- You want the broadest feature set — billing, i18n, email, waitlist, onboarding + multi-tenancy
Choose Volca If:
- Budget is tight ($149 entry price)
- "Project" model fits your product — Vercel-style project switching vs Slack-style org management
- Simplicity is preferred — fewer features, less complexity
- You're building project-management or workspace-style SaaS
Choose Bedrock If:
- Enterprise compliance matters — SOC 2 patterns, audit logs, granular permissions
- You're selling to large organizations who require security audits
- Custom roles are needed — admin-defined roles with action-level permissions
- You want automated security testing — cross-tenant isolation tests built-in
Compare multi-tenancy features across 50+ boilerplates on StarterPick — filter by team management, RBAC, and billing model.
Top comments (0)