← Back

Jotform Teams — Multi-Tenant Collaboration Platform

Enterprise-Scale Backend Architecture with RBAC and Data Isolation

My Role
Senior Backend Engineer
Team
Enterprise Product Team
Scope
Core backend architecture
Tech Stack
PHP · MySQL · REST APIs · RBAC

I played a key role in designing and implementing the core backend architecture of Jotform Teams, an enterprise-grade collaboration platform that enables organizations to manage shared assets with strict role-based access control, ownership isolation, and auditability.

The system was designed to support large organizations with multiple teams, roles, and compliance requirements, while remaining performant and maintainable at scale.

Problem & Context

Before Jotform Teams, collaboration was limited and asset ownership was tightly coupled to individual users. This created multiple challenges:

  • No true isolation between teams and organizational units
  • Risk of data loss when users left organizations
  • Lack of centralized role and permission management
  • Difficulty scaling collaboration features for enterprise customers

The goal was to design a multi-tenant team system that could safely manage forms, data, and assets across organizations, while supporting enterprise-grade security and future scalability.

My Role & Ownership

I worked as a senior backend engineer within the Enterprise Product Team, owning critical parts of the Teams backend architecture:

01

Team ownership and ghost user model

02

Role-based access control (RBAC) system

03

Centralized permission enforcement at router and SDK level

04

Database schema design for teams, roles, permissions, and invitations

I was responsible for making architectural decisions that balanced security, performance, and long-term maintainability.

Technical Architecture

Team Ownership & Data Isolation

To prevent data loss and enable enterprise-level control, we introduced a ghost user ownership model on enterprise servers:

  • All team assets are owned by a non-login ghost user instead of a real person
  • Prevents asset and submission loss when users are removed
  • Simplifies encryption handling on HIPAA and enterprise servers
  • Enables safe migration of assets between teams without re-encryption

This design decoupled user lifecycle from data ownership, which is critical for enterprise environments.

Role-Based Access Control (RBAC)

I helped design and implement a flexible RBAC system with:

  • Multiple team roles (Admin, Collaborator, Viewer, Creator, etc.)
  • Fine-grained permission mapping per role and resource type
  • Central permission tables and role-permission mapping tables in MySQL
  • Invisible system roles (e.g., super admin, fallback roles) for internal control and safety

Permissions were enforced consistently across backend APIs and frontend interactions.

Centralized Permission Enforcement

To avoid scattered permission checks, we implemented central enforcement mechanisms:

Router-Level Enforcement
  • Extended the PHP routing layer to define minimum role requirements per endpoint
  • Middleware-based checks to block unauthorized access early in the request lifecycle
SDK-Level Enforcement
  • Extended the internal PHP SDK (JFEnterpriseSDK) to resolve current team context
  • Initialize user roles dynamically
  • Centralize isAllowed permission checks

This approach reduced duplicated logic and made permission behavior predictable and auditable.

Backend APIs & Internal Framework

  • Designed REST APIs for team creation, membership, invitations, and role management
  • Extended the internal PHP framework to be team-aware without breaking existing endpoints
  • Introduced team-aware routing prefixes to reduce additional database lookups
  • Ensured backward compatibility for non-team resources

The system was designed to scale horizontally while keeping API contracts stable.

Database Design (MySQL)

I contributed to designing normalized relational schemas for:

Teams & team spacesTeam roles & permissionsRole-permission mappingTeam-user-role relationsInvitations & metadata

The schema prioritized:

  • Clear ownership boundaries
  • Efficient permission lookups
  • Minimal joins for hot paths
  • Long-term extensibility

Frontend Integration & Performance

Although backend-focused, the architecture supported frontend performance and usability:

  • Axios interceptors automatically injected team context into requests
  • Reduced unnecessary SQL queries by passing team identifiers explicitly
  • Enabled seamless switching between personal and team workspaces
  • Ensured consistent permission handling across frontend products

This reduced frontend complexity while keeping authorization logic centralized.

Challenges Solved

Designing a multi-tenant system without breaking existing single-user flows
Enforcing permissions consistently across many products and endpoints
Preventing data loss in enterprise environments
Keeping permission checks performant at scale
Building a future-proof foundation for additional enterprise features

Impact

Enterprise
Grade collaboration
Multi-tenant
Team isolation
RBAC
Fine-grained control
Zero
Data loss risk
  • Enabled enterprise-grade collaboration across the Jotform platform
  • Safely supported organizations with multiple teams and roles
  • Reduced operational risk related to user churn and data ownership
  • Established a scalable foundation for future enterprise features
  • Successfully launched and adopted by enterprise customers

Outcome

Jotform Teams became a core enterprise feature, enabling secure collaboration, centralized control, and scalable asset management. The system laid the groundwork for future enterprise capabilities while maintaining strong security and performance guarantees.