PK
Back to archive

Engineering

The Data Model Is a Political Boundary

Why data models decide ownership, meaning, and which future arguments become expensive.

The Data Model Is a Political Boundary

A database schema is an org chart with indexes.

That sounds too dramatic until a product change touches a shared entity. Then the old argument returns: who owns the field, which definition is canonical, which workflow gets the fast path, and who pays to migrate everything that depended on the previous shape.

The data model did not merely store facts. It chose which future arguments would be cheap and which would be expensive.

The thesis

A data model is not neutral storage. It is a political boundary because it assigns ownership, meaning, access patterns, and migration cost.

The most important schema decisions are rarely about whether a field should be a string, enum, document, relation, or nested object. Those choices matter, but they are second-order. The first-order choice is which part of the organization gets to say what a thing means.

When that choice is implicit, the database becomes the place where unresolved product and ownership questions go to harden.

The production pattern

A system starts with a practical model. There is a user, an account, an order, a project, a permission, a balance, a session, a document, or some other central noun. The early model is good enough because one product path dominates and one team understands the meaning.

Then the noun becomes popular.

Another workflow needs a slightly different definition. A reporting path joins it differently. A background job wants to denormalize it. A new interface needs to query it by a different key. A policy engine treats one field as authoritative while a dashboard treats another derived value as truth.

Nobody is trying to create a political problem. Each team is making a reasonable local choice. The trouble is that the shared data model is now deciding who gets to move without asking permission.

If the model says a field belongs to the core entity, changing it requires coordination across every consumer. If the model says the field belongs to a separate owned concept, the change is more local but queries may become more expensive. If the model makes a common question cheap, that question becomes product gravity. If it makes a question painful, people stop asking it or build shadow copies.

That is why model reviews often feel more contentious than code reviews. People are not only debating shape. They are debating future power.

The trap

The trap is treating the data model as a technical container for facts.

That creates two bad habits. The first is stuffing every related attribute into the central object because it is convenient. The second is splitting concepts into separate tables or documents because separation feels cleaner. Both can be wrong when they dodge the real question: which owner is allowed to define and evolve the meaning?

Shared tables are especially seductive. They look efficient. One place to read, one place to write, one place to discover fields. Over time they become organizational commons. Everyone needs them, nobody can safely change them, and the cheapest path is to add another nullable column or another interpretation of an old field.

The reverse failure also happens. Teams over-separate the model to preserve ownership purity, then force every product experience through expensive joins, fanout reads, or brittle orchestration. The architecture is politically tidy but operationally awkward.

Both failures come from skipping the boundary discussion.

The model

I use four dimensions when reviewing an important data model.

Entity ownership asks who can change the lifecycle of the thing. Not who can add a field, but who can decide what states exist, when the entity is created, when it is deleted, and which invariants must hold. If two teams need independent lifecycle authority, the model should make that tension visible.

Query shape asks which questions the model makes cheap. Every model has a favored reading position. A document model may make aggregate reads simple and cross-cutting queries harder. A normalized model may make semantic separation clearer and high-traffic reads more expensive. A materialized view may make a product path fast while creating refresh and staleness work. There is no free shape. There are only chosen cheap questions.

Semantic ownership asks who owns the meaning of each important field. A field named "status" is not a definition. A field named "eligible" is not a policy. A timestamp is not automatically an event boundary. If a field changes business meaning without changing schema, the model has failed to name its semantic owner.

Migration cost asks what will happen when the meaning changes. Can old and new values coexist? Can readers tolerate missing or unknown states? Can the system backfill safely? Is there an owner for removal? A data model that cannot be migrated is a decision to keep old meaning alive indefinitely.

The useful review question is not "is this normalized?" or "is this flexible?" It is: which future disagreement does this model make expensive, and are we willing to pay that price?

Where this model breaks

Not every schema deserves a governance meeting. A local table behind one workflow, a short-lived experiment, or a read model rebuilt from canonical data should not be burdened with the same ceremony as a shared domain object.

Too much boundary design can slow learning. Early product work often needs reversible mess. A schema that survives only because nobody has used the feature yet does not need a political theory. It needs room to change quickly and a clear path to become more formal if usage grows.

The model also breaks when teams use ownership language to avoid collaboration. "That entity belongs to us" is not a design argument. Ownership is useful only when it creates clearer accountability, safer change, and better product behavior.

The counterpoint is real: sometimes a shared, slightly messy model is the most pragmatic choice. The mistake is not sharing. The mistake is sharing without naming who can change what.

What I do now

For important data model changes, I ask for a short decision record before the schema lands. It does not need to be long. It should answer a few concrete questions.

  • Owner: who owns the lifecycle and meaning of the entity?
  • Cheap questions: which reads are intentionally optimized?
  • Expensive questions: which reads are intentionally not optimized?
  • Semantic authority: who can redefine important fields?
  • Coexistence: how will old and new meanings live during migration?
  • Removal: what evidence allows old fields, states, or projections to be removed?

I also ask teams to separate canonical models from convenience models. A canonical model should be conservative about meaning. A projection can be aggressive about query shape. A cache can be optimized for a product path. A derived table can be disposable. Confusing those layers is how teams turn convenience into doctrine.

The principal-engineer lens is to notice when a schema review is really an ownership review. When people argue unusually hard about a column, enum, or relationship, the hidden issue is often not the database. It is who gets surprised later.

Closing takeaway

Treat a data model as a boundary decision: name who owns the meaning, which questions are cheap, and who pays when the meaning changes.