Stack: NestJS, Express.js, MongoDB, JWT, RBAC, Socket.io, TypeScript, Docker
Role: Full-Stack Software Engineer
Year: 2025
Status: Completed

EduManage — Multi-Tenant School Management SaaS

Streamlining administration, enrollment, and reporting for schools

This technical case study on ancel.co.ke documents the architecture, trade-offs, and outcomes of EduManage, a multi-tenant school management SaaS. To replace fragmented tools with one system without mixing school data or permissions, I built EduManage with tenant-scoped access and hierarchical RBAC so failures in one institution or module do not affect others. Ancel Ajanga wrote this case study from hands-on delivery experience in Kenya.

Written by Ancel Ajanga, Systems Engineer & Fullstack Developer
Duration: 5 months (2025)

A comprehensive educational management system designed to streamline administrative tasks, student enrollment, and academic reporting.

The Problem

Schools often rely on fragmented tooling (spreadsheets, paper records, disconnected apps) for enrollment, administration, and reporting. This creates duplicate data entry, inconsistent records, and slow reporting cycles—especially when multiple staff roles require different access levels.

The Solution

I built EduManage to centralize core school operations into a single system with clear role boundaries. The platform focuses on predictable workflows for student enrollment, administrative management, and academic reporting, with structured access control and a backend designed to handle growth and operational complexity.

Key Technical Terms

  • Tenant-scoped data access: Every EduManage request is filtered by institution so one school never sees another's data; that supports the project goal of multi-tenant SaaS on a single deployment with strict isolation.
  • Hierarchical RBAC: Roles and permissions form a hierarchy so complex school structures (admin, teacher, secretary) map to predictable access without per-user exceptions; that supports scalable, auditable authorization.
  • Real-time events (Socket.io): Notifications and updates are delivered over scoped channels so only the right tenant receives them; that supports live workflows without cross-tenant leakage or polling.
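
An added example, not code from EduManage: one way to resolve hierarchical roles into effective permissions and make an allow/deny decision. The admin, teacher and secretary roles come from the text above; the staff base role, the inheritance edges and the permission strings are assumptions.

```typescript
// Added example: the "staff" role, the inheritance edges and the permission
// strings are assumptions; only admin/teacher/secretary appear in the case study.
interface RoleDef {
  inherits: string[]; // parent roles whose permissions are also granted
  grants: string[];   // permissions granted directly by this role
}
type RoleTable = Record<string, RoleDef | undefined>;

const ROLES: RoleTable = {
  staff:     { inherits: [], grants: ["reports:read"] },
  teacher:   { inherits: ["staff"], grants: ["grades:write"] },
  secretary: { inherits: ["staff"], grants: ["enrollment:write"] },
  admin:     { inherits: ["teacher", "secretary"], grants: ["users:manage"] },
};

// Walk the hierarchy, visiting each role once. `seen` stops a misconfigured
// cycle (a -> b -> a) from recursing forever.
function effectivePermissions(
  role: string,
  table: RoleTable = ROLES,
  seen: string[] = [],
): string[] {
  if (seen.indexOf(role) !== -1) return [];
  seen.push(role);
  // Own-property lookup: a role string such as "constructor" taken from a
  // token must not resolve to something inherited from Object.prototype.
  const def = Object.prototype.hasOwnProperty.call(table, role) ? table[role] : undefined;
  if (def === undefined) return []; // unknown role: deny by default
  const out: string[] = def.grants.slice();
  for (const parent of def.inherits) {
    for (const p of effectivePermissions(parent, table, seen)) {
      if (out.indexOf(p) === -1) out.push(p);
    }
  }
  return out;
}

// Authorization decision: true only if the role carries the exact permission
// string, directly or through its parents.
function can(role: string, permission: string, table: RoleTable = ROLES): boolean {
  return effectivePermissions(role, table).indexOf(permission) !== -1;
}
```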

The Impact

Delivered a unified school operations platform that reduces administrative overhead, improves record consistency, and enables faster, more reliable reporting. The system is structured for maintainability, with clear module boundaries that support incremental expansion over time.

  • Status: ~85% (MVP complete; hardening and optimizations deferred)
  • Multi-Tenancy: Tenant-scoped (institution isolation enforced at data layer)
  • AuthZ: Hierarchical RBAC (role and permission boundaries designed to scale)
  • Real-time: Socket.io (notifications and operational updates)

Outcomes

  • MVP complete with production-ready tenant and authorization boundaries
  • Real-time operational workflows supported via event-driven updates
  • Architecture documented and maintained in GitHub docs

Key Engineering Decisions

I chose to ship EduManage at ~85% to reflect real-world constraints: I deferred advanced rate limiting, deeper automated testing, and caching in favor of delivering a stable, well-structured MVP with strong tenant and authorization boundaries first.

Failure Modes & Resilience

  • MongoDB or backend down: the app returns clear errors so clients can show retry or offline messaging.
  • Socket.io disconnect: clients reconnect and re-subscribe so they do not miss tenant-scoped updates.
  • Invalid or expired JWT: auth middleware rejects the request and the frontend can redirect to login.
  • Cross-tenant request (bug or abuse): every query is tenant-scoped so data from another institution is never returned.
  • Heavy report or export: we avoid blocking other requests so one school's job does not slow the whole system.
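
An added example, not code from EduManage, for the tenant-scoped data access and scoped channels listed under Key Technical Terms and for the cross-tenant failure mode above: the tenant is taken only from verified token claims, shown beside a weak merge that lets the client override it. All names (Claims, institutionId, naiveFilter, scopedFilter, tenantRoom) are hypothetical, and the filter shape assumes MongoDB-style query objects.

```typescript
// Added example: every name here is hypothetical. Claims are assumed to come
// from a JWT whose signature and expiry were already checked by middleware.
interface Claims { sub: string; institutionId: string }
type Filter = { [key: string]: unknown };

// True if `field` is used as a key anywhere in the filter, including inside
// operator arrays such as $or / $and.
function mentionsField(value: unknown, field: string): boolean {
  if (Array.isArray(value)) {
    return value.some((v) => mentionsField(v, field));
  }
  if (value !== null && typeof value === "object") {
    const obj = value as Filter;
    return Object.keys(obj).some((k) => k === field || mentionsField(obj[k], field));
  }
  return false;
}

// Weak: client keys are spread last, so a client-supplied institutionId
// replaces the one taken from the token.
function naiveFilter(claims: Claims, client: Filter): Filter {
  return { institutionId: claims.institutionId, ...client };
}

// Hardened: the tenant condition is ANDed on the outside, so nothing in the
// client filter can widen it. Rejecting any client reference to the tenant
// field is an extra, stricter signal that is useful to log.
function scopedFilter(claims: Claims, client: Filter): Filter {
  if (!claims.institutionId) throw new Error("token carries no tenant");
  if (mentionsField(client, "institutionId")) {
    throw new Error("client filter may not reference institutionId");
  }
  return { $and: [client, { institutionId: claims.institutionId }] };
}

// Room name for tenant-scoped real-time events. The tenant part comes from
// the token; the channel part is restricted so it cannot smuggle a ":".
function tenantRoom(claims: Claims, channel: string): string {
  if (!/^[a-z0-9-]+$/.test(channel)) throw new Error("bad channel name");
  return "tenant:" + claims.institutionId + ":" + channel;
}
```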

Roadmap & Expansion

Add advanced caching for hot reads, rate limiting and abuse protection, deeper automated testing (unit + integration), audit trails for sensitive operations, and expanded real-time notification pipelines.
