Overview
Risk Legion uses PostgreSQL (via Supabase) with a normalized schema design. The database implements Row-Level Security (RLS) for multi-tenant data isolation and comprehensive audit logging.
Schema Design Principles
Core Tables
Enterprise & User Management
enterprises
Top-level tenant organization.
enterprise_users
Links users to enterprises with roles.
Organization Structure
legal_entities
Legal organizational units with hierarchical structure.
business_units
Operational divisions within legal entities.
products
Financial products with JSONB arrays for flexible attributes.
Risk Library
risk_scenarios
Risk scenario definitions.
sub_controls
Control instances with effectiveness ratings.
Business Risk Assessments
business_risk_assessments
Master BRA record.
bra_risk_ratings
Risk ratings (inherent and residual).
Mitigation Actions
Audit Log
The audit_log table is immutable. No UPDATE or DELETE operations are permitted.
BRA Snapshots
Layer 2: Historical Data
le_assessed_risk_scenarios
Stores historical assessment data for efficiency:
Purpose:
- Pre-fills new BRAs with previous assessment data
- Enables trend analysis without querying all historical BRAs
- Updated automatically when BRAs are approved
Indexes
Risk Legion uses strategic indexes for performance:
Row-Level Security
RLS Policies
Every table has RLS policies enforcing tenant isolation:
RLS Hierarchy
Database Triggers
Automatic Timestamps
Risk Score Calculation
Data Retention