Designing a Firestore database that ensures information from separate entities remains private
I'm working on a mobile app that will be used by several different entities (cities) but I have a few concerns regarding the way I designed the database. The information involved in the database is sensitive in the way that one entity should have no way of viewing the information that belongs to another entity.
For reference, I'm using Google's Cloud Firestore as my backend which is a NoSQL database structured using documents and collections. The way the app will work is that a user belonging to a specific entity will post to and read information from that entity. There will also be a web dashboard that pulls information from that same entity via expressive querying to display it in a dashboardy way.
[Collection] Cities - [Doc] abc123 name: Miami state: Florida [Collection] Posts - [Doc] post1 - [Doc] post2 [Collection] Users - [Doc] user1 - [Doc] user2 - [Doc] abc124 name: Los Angeles state: California [Collection] Posts - [Doc] post1 - [Doc] post2 [Collection] Users - [Doc] user1 - [Doc] user2 - [Doc] abc125 name: Charlotte state: North Carolina [Collection] Posts - [Doc] post1 - [Doc] post2 [Collection] Users - [Doc] user1 - [Doc] user2
Above is what I came up with for the design of the database. While this design does ensure that no entities can see information that belongs to other entities, I'm unsure if this is the best way to do this. My main concerns with this design are scaling and performance; I'm not too familiar with designing databases so I don't know how this will perform after reaching hundreds, thousands, etc. of users.
The way it's setup now it's almost like when the user logs in they're logging into that entity's specific instance of the database, which I'm fine with, but I'm open to changing this structure if anyone has any ideas on how to do this better. Thanks for reading.