CloudKit handle multiple companies

Didn't you ask something similar back in 2015?

https://forums.developer.apple.com/thread/16834

your problem is "synching is accomplished primarily using alerts from the database. All users would get alerts for any record changes for all companies."

I'm not sure what that means; queries? notifications? subsccriptions? or what. But whatever it means, couldn't you store, in each record in the public database, a field that contains the company's name. Then, in all queries and subscriptions, require that that field have the correct value for company?

NSPredicate *predicate = [NSPredicate predicateWithFormat:@"companyt = %@", myCompanyName];

Then the queries and subscriptions would be company specific. Alternatively, and much less efficient, you could let the data for all companies flow to all users but have each user exclude any record that was not their company.

Wouldn't that be a bit dodgy in that all one company would need to do is change its name to anothers and then they'd see the othes data?

While anything can be hacked, normal access to CloudKit is only through the app's code. It's the app that decides what comapny the user is entitled to access. So all you would need to do is require that the user have username/password access to define their company affiliation; among other ways of limiting what "company name" would be entered by the app.

But that doesn’t protect you from a developer. I spent many years working in an environment where the developer is considered high risk and there’s a large amount of regulation that attempts to keep developers away from live data. At the end of the day, you may be absolutely right, but the risk bods would still say no....

You are never really protected from a developer - they write the code.

You can encrypt your information before uploading it to CloudKit. But it would be the developer who would write that encryption procedure.