PMFA
014

Schemas Are Legal Boundaries

A schema is not documentation. It is a legal boundary. What the schema forbids cannot happen.
Version 1.0.0 — Ratified

A schema is not a namespace. A schema is jurisdiction.

Anything inside a schema is governed by its law. Anything outside is not.

I. The Mistake of Treating Schemas as Organization

Many systems use schemas to:

- group tables
- avoid name collisions
- structure databases

This treats schemas as folders.

Folders organize files. Jurisdictions govern behavior.

A schema is not convenience. It is authority.

II. Law Requires Physical Separation

Legal boundaries must be:

- explicit
- enforceable
- impossible to cross accidentally

Logical separation in code does not satisfy this.

Only structural separation does.

Schemas create physical boundaries the database enforces.

III. Why tenant_id Is a Legal Failure

tenant_id-based systems claim isolation without jurisdiction.

They place multiple legal entities inside the same legal space.

This is cohabitation, not separation.

When data lives under one schema, it lives under one law.

IV. Jurisdiction Must Be Provable

Auditors do not ask:

“Do you filter correctly?”

They ask:

“Is access legally impossible?”

Schemas answer this.

Queries cannot cross schemas without explicit privilege.

Impossibility is proof.

V. Schemas Enable Irreversible Isolation

With schema-level isolation:

- permissions are scoped
- policies are absolute
- accidents fail closed

A query written incorrectly does not leak data.

It fails.

Failure is lawful. Leakage is not.

VI. Schema Per Tenant Is Not an Optimization

It is not about:

- performance
- scalability
- convenience

It is about:

- liability
- jurisdiction
- compliance
- provability

Anything less is legally ambiguous.

VII. Cross-Schema Access Must Be Lawful

When cross-schema access exists:

- it must be explicit
- it must be audited
- it must be versioned
- it must be minimal

Implicit access is unauthorized access.
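
An added example, not part of the canonical text: one way the rules in sections IV, V and VII look in practice, assuming PostgreSQL (the page names no database). Every role, schema and table name below is hypothetical.

```sql
-- Added example. Assumes PostgreSQL; all role, schema and table names are hypothetical.

-- Schemas are owned by a non-login role, never by an application role.
CREATE ROLE schema_owner NOLOGIN;
CREATE ROLE tenant_a_app LOGIN;
CREATE ROLE tenant_b_app LOGIN;

CREATE SCHEMA tenant_a AUTHORIZATION schema_owner;
CREATE SCHEMA tenant_b AUTHORIZATION schema_owner;

CREATE TABLE tenant_a.invoices (id bigint PRIMARY KEY, amount numeric NOT NULL);
CREATE TABLE tenant_b.invoices (id bigint PRIMARY KEY, amount numeric NOT NULL);
ALTER TABLE tenant_a.invoices OWNER TO schema_owner;
ALTER TABLE tenant_b.invoices OWNER TO schema_owner;

-- New schemas grant nothing to PUBLIC by default; the REVOKE states that intent explicitly.
REVOKE ALL ON SCHEMA tenant_a, tenant_b FROM PUBLIC;

-- Each application role is scoped to exactly one schema.
GRANT USAGE ON SCHEMA tenant_a TO tenant_a_app;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA tenant_a TO tenant_a_app;
GRANT USAGE ON SCHEMA tenant_b TO tenant_b_app;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA tenant_b TO tenant_b_app;

-- A mistaken query fails instead of leaking (section V).
SET ROLE tenant_a_app;
SELECT count(*) FROM tenant_a.invoices;   -- allowed: own schema
SELECT count(*) FROM tenant_b.invoices;   -- rejected: role holds no USAGE on tenant_b
RESET ROLE;

-- Cross-schema access as an explicit, minimal grant (section VII):
-- a dedicated read-only role limited to one table in one schema.
CREATE ROLE billing_report NOLOGIN;
GRANT USAGE ON SCHEMA tenant_a TO billing_report;
GRANT SELECT ON tenant_a.invoices TO billing_report;
COMMENT ON ROLE billing_report IS 'Cross-schema reader; grant tracked in versioned migrations';

-- Audit (section IV): list every role that can enter each tenant schema.
-- Superusers appear too, since they bypass privilege checks.
SELECT r.rolname, n.nspname
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE n.nspname LIKE 'tenant\_%'
  AND has_schema_privilege(r.rolname, n.nspname, 'USAGE')
ORDER BY r.rolname, n.nspname;
```

Any row in the audit result that pairs a tenant application role with another tenant's schema is a crossing that was granted explicitly and can be traced to a GRANT statement.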

VIII. Final Conclusion

Schemas are legal boundaries.

A lawful system:

assigns each legal entity its own schema

enforces access at the database level

treats schema crossing as a legal act

Anything else collapses jurisdictions and pretends isolation exists.

Canonical text. Interpretations are invalid.
SHA-256: 7e40a4f9ef83001e1038d2a3ee655f9d7778e5be682b7c0149b0e1f22ca3e0eb