Skip to main content

Overview

Risk Legion uses PostgreSQL (via Supabase) with a normalized schema design. The database implements Row-Level Security (RLS) for multi-tenant data isolation and comprehensive audit logging.

Schema Design Principles

Core Tables

Enterprise & User Management

enterprises

Top-level tenant organization.

enterprise_users

Links users to enterprises with roles.

Organization Structure

Legal organizational units with hierarchical structure.

business_units

Operational divisions within legal entities.

products

Financial products with JSONB arrays for flexible attributes.

Risk Library

risk_scenarios

Risk scenario definitions.

sub_controls

Control instances with effectiveness ratings.

Business Risk Assessments

business_risk_assessments

Master BRA record.

bra_risk_ratings

Risk ratings (inherent and residual).

Mitigation Actions

Audit Log

The audit_log table is immutable. No UPDATE or DELETE operations are permitted.

BRA Snapshots

Layer 2: Historical Data

le_assessed_risk_scenarios

Stores historical assessment data for efficiency:
Purpose:
  • Pre-fills new BRAs with previous assessment data
  • Enables trend analysis without querying all historical BRAs
  • Updated automatically when BRAs are approved

Indexes

Risk Legion uses strategic indexes for performance:

Row-Level Security

RLS Policies

Every table has RLS policies enforcing tenant isolation:

RLS Hierarchy

Database Triggers

Automatic Timestamps

Risk Score Calculation

Data Retention