How do you design multi-tenant SaaS data isolation?
Reported in Nokia European engineering loops. Architecture discussion around tenant security and scaling models.
Interview scenario
Context for Nokia candidates:
Build a B2B SaaS platform supporting many tenants with different compliance needs.
Model answer
Try answering aloud first
Cover trade-offs, structure, and a concrete example before revealing the baseline response.
How to frame this at Nokia: Connect your answer to measurable impact, clarity of thought, and trade-offs the team cares about. Below is a strong baseline response you can adapt with your own project examples.
Explain isolation options: shared schema with tenant id, schema per tenant, and database per tenant. Shared schema is cheapest but needs strict row-level authorization; dedicated databases improve isolation at higher operational cost.
Use tenant-scoped keys, quotas, and encryption boundaries. Always propagate tenant context through auth token, service calls, cache keys, and job queues to avoid cross-tenant data leaks.
Operationally, include tenant-aware observability and migration tooling so upgrades can be rolled out gradually without global risk.
Discussion
Comments (0)
Share how this question came up in your loop, or add tips for others preparing.
Log in to comment on this question.