Loading…
Loading…
Capabilities
Everything Tessera offers to power your case & workflow management — from domain packs to GDPR-ready compliance, all on a single multi-tenant instance.
Pre-built for ITSM, Security, Assets, and 11 more domains. Activate per tenant at runtime.
Create data models at runtime. No code, no deploys. Fields, relations, validations.
Pure state machine. Version-controlled with in-flight protection. Any entity.
JSON DSL for complex queries. Aggregations, cross-relations, LATERAL joins.
PostgreSQL RLS. True isolation. 100+ tenants on a single instance.
RBAC + row-level ACL. GDPR 3-phase erasure. Full audit trails.
Pre-built for ITSM, Security, Assets, and 11 more domains
Domain Packs are curated bundles of entity types, workflows, dashboards, and field configurations that cover an entire business domain out of the box. Whether you run an IT service desk, a security operations center, or an asset management office, a single click activates the right data model for each tenant.
Each pack is independently versioned and upgradeable. When a new version ships, tenants can preview the diff and adopt it on their own schedule — no downtime, no data loss.
Need a domain that does not exist yet? Compose a new pack from existing building blocks or start from scratch with the Custom Entities engine.
Create data models at runtime
Custom Entities let tenants define their own data models at runtime through a declarative API. Add fields, define relationships between entity types, attach validation rules — all without writing a single line of backend code.
Under the hood, Tessera stores metadata in a schema registry and uses PostgreSQL JSONB columns with generated indices for performant queries. This means zero-downtime schema changes and instant rollback.
Relations support one-to-many, many-to-many, and polymorphic associations. Combined with the Query Engine, even complex cross-entity reports are fast and straightforward.
Pure state machine
The Workflow Engine models every lifecycle as a deterministic state machine. States, transitions, guards, and side-effects are defined declaratively and attached to any entity type — standard or custom.
Workflow definitions are version-controlled. When you publish a new version, in-flight instances continue on the version they started with. New instances automatically pick up the latest version. No ambiguity, no orphaned cases.
Guards can evaluate field values, user roles, related-entity state, or call external services. Side-effects trigger webhooks, update fields, send notifications, or spawn child workflows — all configurable without code.
JSON DSL for complex queries
The Query Engine exposes a JSON-based DSL that translates to optimised PostgreSQL queries at runtime. Filter, sort, paginate, and aggregate across any combination of standard and custom entity fields.
Cross-relation queries leverage PostgreSQL LATERAL joins to efficiently traverse relationships without N+1 overhead. Whether you need "all incidents linked to assets in building 7" or "open cases per assignee per week", one query handles it.
Aggregation pipelines support count, sum, average, min, max, and percentile functions. Group by any field — including nested JSONB paths — and stream results for real-time dashboards.
PostgreSQL RLS
Tessera implements multi-tenancy at the database level using PostgreSQL Row-Level Security (RLS). Every query is automatically scoped to the current tenant — there is no application-level filter that could be bypassed.
A single Tessera instance comfortably serves 100+ tenants. Each tenant gets its own configuration namespace, domain packs, workflows, and user directory while sharing the same compute and storage infrastructure.
Tenant provisioning is fully automated: create a tenant via the API, and within seconds it has its own isolated slice of the database, default configuration, and admin user — ready to onboard.
RBAC + row-level ACL
Access control operates on two layers: role-based access control (RBAC) determines what a user can do, while row-level ACLs determine which records they can see. Together they enforce least-privilege access at every API call.
GDPR compliance is built in with a three-phase erasure pipeline: soft-delete, anonymisation, and hard-delete. Each phase is audited, reversible within its retention window, and configurable per entity type.
Every state change, data mutation, and access event is recorded in an append-only audit log. Logs are tenant-scoped, tamper-evident, and exportable for external SIEM integration.
See how Tessera can unify your case management across every domain. Get a personalized walkthrough from our team.