Skip to content

Business units & multi-tenancy

What it is

A business unit (BU) is a tenant — one operating company on the platform. Every piece of operational data (employees, terminals, rosters, leave, and so on) belongs to exactly one business unit, and ManpowerIQ keeps each BU's data strictly separate from every other's.

Why it exists

One ManpowerIQ deployment can serve several operating companies at once. They must never see or touch each other's people, plans, or rosters — not by accident, and not on purpose. The business unit is the boundary that guarantees that separation, so each company experiences the system as if it were theirs alone.

Key concepts & terms

  • Business unit (BU) — a tenant: one operating company. It is the root of everything below it (terminals, departments, employees…).
  • Multi-tenancy — one system, many isolated tenants sharing the same software but never the same data.
  • Tenant-scoped data — records that carry a business-unit stamp and are visible only within that BU.
  • Global (shared) data — a small set of reference data shared by all BUs, such as the permission catalog and certain lookups. These carry no business-unit stamp.
  • Super admin — an administrator who can reach across business units; reserved for trusted, system-level work.

How it works

Every tenant-owned record carries a business-unit stamp. Three independent layers keep tenants apart, so isolation does not depend on any single piece of code getting it right:

  1. Reads are filtered. Every query the application makes is automatically narrowed to your business unit — you simply never receive another BU's rows.
  2. Writes are stamped and guarded. When you create a record it is stamped with your BU, and the system refuses any attempt to write into a different BU (or to move a record between BUs).
  3. The database enforces it too. The database itself applies row-level security, so even a low-level query cannot see or change another tenant's data.

A small amount of shared reference data sits outside this scoping on purpose — the permission catalog and some system lookups are the same for everyone. Everything operational is tenant-scoped.

A business unit itself is set up during system provisioning, not through a self-service admin screen — there is no "create a business unit" page in the product today.

Rules & what's enforced

  • You only ever see your own business unit's data — enforced at the query layer, at the write layer, and in the database.
  • Cross-tenant writes are blocked. Creating into another BU, or changing a record's BU, is refused for ordinary users.
  • Codes are unique within a business unit, not globally — two BUs can each have a terminal coded T1. (Business-unit codes themselves, and a few global lookups, are the exception.)
  • Super admins are the deliberate exception that can cross BU boundaries.

What's live vs planned

  • Multi-tenant isolation is live — query filtering, write stamping, and database row-level security all ship and are enforced.
  • There is no business-unit management screen. A BU is created during provisioning (seed/migration), so "BU administration" is not a user-facing feature.
  • Note: the historical mention of a "stubbed, always-BU-1" tenant in older design notes is out of date — the live system reads the real tenant from each signed-in user.