Focus mode active/Press Alt+Shift+R to toggle/Esc to exit
Final StretchOrdered learning track

Data Model Trade-off and Decision Framework

Framework trade-off enterprise data modelling untuk memilih antara normalization vs denormalization, snapshot vs reference, strong vs eventual consistency, SQL vs JSONB, event vs API, monolith vs microservice ownership, cache vs source query, and correctness vs performance.

16 min read3097 words
PrevNext
Lesson 7882 lesson track69–82 Final Stretch
#enterprise-data-modelling#tradeoffs#decision-framework#architecture+5 more

Data Model Trade-off and Decision Framework

1. Core Idea

Enterprise data modelling is a series of trade-offs.

There is rarely a universally correct answer. Better question:

Given this domain, volume, lifecycle, ownership, failure mode, and production risk, which modelling choice is safest and most evolvable?

Senior engineers are judged not only by the chosen design, but by whether they can explain:

  • why this model,
  • what alternatives were considered,
  • what trade-offs were accepted,
  • what risks remain,
  • how risks are mitigated,
  • how to migrate if assumptions change.

Mental model:

Good data modelling is explicit trade-off management under production constraints.


2. Decision Framework

For any modelling decision, evaluate:

1. Domain truth
2. Source-of-truth ownership
3. Invariants
4. Historical correctness
5. Query patterns
6. Write patterns
7. Consistency requirement
8. Integration boundaries
9. Security/privacy
10. Migration path
11. Operational failure modes
12. Reporting/analytics needs
13. Performance/scale
14. Team ownership and evolution
15. Reversibility

Do not optimize one dimension while ignoring others.


3. Trade-off 1 — Normalize vs Denormalize

Normalize

Pros:

  • avoids duplication,
  • strong consistency,
  • clear relationships,
  • easier updates,
  • fewer anomalies.

Cons:

  • more joins,
  • possible performance cost,
  • harder API/read model shape,
  • cross-service boundary issues.

Denormalize

Pros:

  • faster reads,
  • stable snapshot,
  • easier reporting,
  • decoupled from source changes,
  • good for historical evidence.

Cons:

  • drift risk,
  • reconciliation needed,
  • more storage,
  • update complexity,
  • unclear source-of-truth if unmanaged.

Decision Rule

Normalize for source-of-truth within bounded context.

Denormalize intentionally for:

  • immutable snapshots,
  • read models,
  • analytics facts,
  • external contract copies,
  • historical evidence,
  • performance where freshness is defined.

Always label denormalized field as snapshot/derived and define reconciliation if it can drift.


4. Example — Quote to Order Snapshot

Should order store price copied from quote?

Yes, usually, because order should represent what customer accepted.

order_item.accepted_price_snapshot

This is denormalization but preserves historical truth.

Bad alternative:

order reads current quote/catalog price every time

because catalog/pricing rules can change.

Trade-off accepted:

  • duplication is intentional,
  • lineage points to quote item price,
  • order price snapshot immutable,
  • reporting knows source.

5. Trade-off 2 — Snapshot vs Reference

Reference

order.billing_account_id -> billing_account.id

Pros:

  • current data always available,
  • less duplication,
  • easier updates.

Cons:

  • historical meaning can change,
  • source may be unavailable,
  • external ownership issue.

Snapshot

invoice.billing_address_snapshot

Pros:

  • historical correctness,
  • dispute evidence,
  • stable contract,
  • resilient to source changes.

Cons:

  • duplicated sensitive data,
  • retention/privacy complexity,
  • larger storage,
  • may become stale by design.

Decision Rule

Use reference for current operational lookup.

Use snapshot when the historical transaction must remain explainable:

  • accepted quote,
  • issued invoice,
  • approval evidence,
  • order commercial terms,
  • catalog version,
  • pricing result,
  • tax basis,
  • billing address at invoice time.

6. Trade-off 3 — Strong Consistency vs Eventual Consistency

Strong Consistency

Pros:

  • immediate invariant enforcement,
  • simpler reasoning,
  • avoids drift.

Cons:

  • tight coupling,
  • lower availability,
  • distributed transaction complexity,
  • slower cross-system operations.

Eventual Consistency

Pros:

  • service autonomy,
  • resilience,
  • scalable async processing,
  • good for projections/integrations.

Cons:

  • temporary mismatch,
  • reconciliation needed,
  • more operational complexity,
  • support confusion if freshness hidden.

Decision Rule

Use strong consistency inside aggregate/local transaction.

Use eventual consistency across bounded contexts, but add:

  • idempotency,
  • outbox/inbox,
  • status/freshness,
  • reconciliation,
  • support timeline,
  • retry/DLQ,
  • compensation strategy.

Do not use eventual consistency as excuse for unmanaged drift.


7. Example — Product Active and Charge Active

Product inventory and billing may be separate contexts.

Strong transaction across both may be impractical.

Use eventual consistency:

ProductActivated event -> Billing creates charge

But add reconciliation:

Active billable product must have active charge.

and repair workflow.

Trade-off:

  • decoupling accepted,
  • revenue leakage risk mitigated by reconciliation/SLA/alert.

8. Trade-off 4 — One Table vs Multiple Tables

One Table

Pros:

  • simple queries,
  • simple persistence,
  • fewer joins,
  • faster initial delivery.

Cons:

  • many nullable fields,
  • mixed ownership,
  • poor lifecycle separation,
  • row lock contention,
  • unclear semantics,
  • security exposure.

Multiple Tables

Pros:

  • clearer boundaries,
  • better lifecycle,
  • smaller hot rows,
  • separate security/retention,
  • better ownership.

Cons:

  • more joins,
  • more mapping code,
  • more migration complexity.

Decision Rule

Split when:

  • lifecycle differs,
  • cardinality is one-to-many,
  • fields are optional by subtype,
  • sensitivity differs,
  • update frequency differs,
  • ownership differs,
  • payload is large,
  • history/audit differs.

Keep together when fields are core invariant of one aggregate and always loaded/updated together.


9. Trade-off 5 — SQL Columns vs JSONB

SQL Columns

Pros:

  • constraints,
  • indexes,
  • type safety,
  • queryability,
  • discoverability,
  • field-level security.

Cons:

  • schema migration,
  • less flexible,
  • many optional fields can clutter.

JSONB

Pros:

  • flexible,
  • good for snapshots,
  • stores variable characteristics,
  • easier integration payload,
  • preserves original evidence.

Cons:

  • weak constraints,
  • hidden semantics,
  • harder indexing,
  • hard DQ/security lineage,
  • breaking changes hidden.

Decision Rule

Use SQL columns for:

  • identifiers,
  • status,
  • money,
  • dates,
  • fields used in joins/query/filter,
  • invariants,
  • security-sensitive field-level controls,
  • reporting dimensions.

Use JSONB for:

  • immutable evidence snapshot,
  • flexible characteristics,
  • external payload references,
  • extension fields with schema registry,
  • sparse non-critical metadata.

Extract critical JSON fields over time.


10. Trade-off 6 — Enum in Code vs Reference Table

Code Enum

Pros:

  • compile-time safety,
  • simple,
  • fast,
  • clear in code.

Cons:

  • requires deploy to change,
  • bad for business-managed codes,
  • external mapping harder,
  • historical/deprecation lifecycle harder.

Reference Table

Pros:

  • governed,
  • lifecycle/effective dating,
  • localized display,
  • external mapping,
  • business owner.

Cons:

  • runtime lookup,
  • cache needed,
  • validation complexity,
  • weaker type safety unless wrapped.

Decision Rule

Use code enum for stable technical states controlled by engineering.

Use reference table/code set for:

  • reason codes,
  • customer-visible codes,
  • externally mapped codes,
  • business-configurable categories,
  • approval/fallout/cancellation reasons,
  • UOM/currency/country if centrally governed.

11. Trade-off 7 — Domain Event vs Integration Event

Domain Event

Pros:

  • precise internal semantics,
  • good for bounded context,
  • reflects aggregate change.

Cons:

  • may expose internal model,
  • consumers coupled to internals if shared broadly.

Integration Event

Pros:

  • stable external contract,
  • consumer-friendly,
  • hides internal detail,
  • versioned independently.

Cons:

  • mapping layer required,
  • may lose detail,
  • additional maintenance.

Decision Rule

Use domain events internally within bounded context/service boundary.

Publish integration events across services/partners with stable contract.

Use anti-corruption mapping if external/TMF style differs from internal domain event.


12. Trade-off 8 — API Call vs Event Subscription

API Call

Pros:

  • request/response,
  • immediate error,
  • explicit query,
  • good for command/lookup requiring current state.

Cons:

  • runtime coupling,
  • latency dependency,
  • availability coupling,
  • retry complexity.

Event Subscription

Pros:

  • decoupled,
  • scalable,
  • good for state propagation/projections,
  • audit trail.

Cons:

  • eventual consistency,
  • replay/idempotency needed,
  • consumer lag,
  • schema governance.

Decision Rule

Use API for:

  • commands,
  • real-time validation needing source-of-truth,
  • explicit user request,
  • sensitive data with authorization.

Use events for:

  • facts after commit,
  • projections/read models,
  • async integration,
  • workflow progression,
  • analytics ingestion.

Avoid making command decisions from stale event projection unless acceptable.


13. Trade-off 9 — Shared Database vs Service-Owned Database

Shared Database

Pros:

  • easy joins,
  • simpler early development,
  • strong FK constraints,
  • easier reporting initially.

Cons:

  • service coupling,
  • ownership ambiguity,
  • unsafe schema changes,
  • bypassed invariants,
  • deployment coupling.

Service-Owned Database

Pros:

  • clear ownership,
  • autonomy,
  • bounded context,
  • safer evolution,
  • domain invariants protected.

Cons:

  • eventual consistency,
  • projections needed,
  • harder reporting,
  • reconciliation required.

Decision Rule

For microservices, prefer service-owned persistence.

Use shared DB only when architecture intentionally accepts coupling, or within modular monolith/bounded schema with clear ownership.

If read sharing is needed, expose projection/read model, not direct writes.


14. Trade-off 10 — Current-State Table vs Event Sourcing

Current-State Table

Pros:

  • simple queries,
  • easier operations,
  • common relational model,
  • simpler reporting source.

Cons:

  • history requires separate audit/status history,
  • reconstructing past state harder.

Event Sourcing

Pros:

  • full history,
  • replay/rebuild,
  • natural audit,
  • temporal reconstruction.

Cons:

  • complex,
  • event schema evolution hard,
  • query projections required,
  • operational debugging specialized,
  • retroactive correction hard.

Decision Rule

Use current-state tables plus audit/history for most enterprise CPQ/order/billing systems unless event sourcing is a deliberate architecture.

Use event sourcing only when:

  • history/replay is core requirement,
  • team has operational maturity,
  • event versioning governance is strong,
  • projections/rebuild are designed.

Do not adopt event sourcing only because events exist.


15. Trade-off 11 — Soft Delete vs Hard Delete vs Anonymize

Soft Delete

Pros:

  • recoverable,
  • preserves reference,
  • simple.

Cons:

  • data still exists,
  • privacy not satisfied,
  • query filtering risk,
  • storage growth.

Hard Delete

Pros:

  • removes data,
  • reduces storage,
  • privacy stronger if complete.

Cons:

  • breaks references,
  • audit/legal risk,
  • difficult restore/history.

Anonymize

Pros:

  • preserves analytical/history structure,
  • reduces privacy risk.

Cons:

  • hard to do completely,
  • may not satisfy all use cases,
  • derived copies must be handled.

Decision Rule

Use soft delete for operational hiding/recovery.

Use anonymization for privacy where historical facts must remain.

Use hard delete for transient/non-evidence data or when legally required/allowed.

Always consider derived copies, backups, and legal hold.


16. Trade-off 12 — Cache vs Direct Source Query

Cache

Pros:

  • low latency,
  • less DB load,
  • supports hot reads.

Cons:

  • stale,
  • invalidation complexity,
  • security leak risk,
  • tenant key risk.

Source Query

Pros:

  • authoritative,
  • simple correctness,
  • fewer moving parts.

Cons:

  • latency/load,
  • scale limits,
  • complex query cost.

Decision Rule

Use source query for commands and critical validation.

Use cache for read-heavy non-critical or versioned immutable data.

If cache is used for sensitive/current data:

  • include tenant/scope/version,
  • define TTL/invalidation,
  • include freshness,
  • avoid command invariant decisions.

17. Trade-off 13 — Synchronous Workflow vs Async Saga

Synchronous

Pros:

  • simple user feedback,
  • immediate failure,
  • easier transaction around small scope.

Cons:

  • latency,
  • downstream coupling,
  • timeout risk,
  • poor resilience.

Async Saga

Pros:

  • resilient,
  • supports long-running fulfillment,
  • retry/compensation,
  • decoupled services.

Cons:

  • eventual consistency,
  • complex state,
  • support/observability required.

Decision Rule

Use synchronous for short local operations.

Use async saga for long-running quote-to-order, fulfillment, billing integration, and external system orchestration.

Saga must have state, retries, compensation, and support timeline.


18. Trade-off 14 — Strict Validation vs Flexible Acceptance

Strict Validation

Pros:

  • data quality,
  • fewer downstream failures,
  • clear semantics.

Cons:

  • blocks user/process,
  • requires complete data upfront,
  • can be brittle with external feeds.

Flexible Acceptance

Pros:

  • accepts partial data,
  • supports progressive completion,
  • robust to external variation.

Cons:

  • downstream failure risk,
  • more pending/error states,
  • requires data quality workflow.

Decision Rule

Strictly validate invariants required for current command.

Allow progressive completion only if model has:

  • validation status,
  • missing data tracking,
  • owner,
  • lifecycle guard,
  • reconciliation,
  • support visibility.

Example:

Draft quote may be incomplete.
Submitted quote must be pricing-valid.
Accepted quote must be order-convertible.
Billing trigger must be billing-ready.

19. Trade-off 15 — Generic Model vs Domain-Specific Model

Generic Model

Pros:

  • reusable,
  • flexible,
  • fewer tables,
  • adapts to many cases.

Cons:

  • weak semantics,
  • complex validation,
  • hard reporting,
  • hard onboarding,
  • runtime errors.

Domain-Specific Model

Pros:

  • clear invariants,
  • readable,
  • safer,
  • better reporting,
  • easier review.

Cons:

  • more schema/code,
  • less flexible,
  • more migrations.

Decision Rule

Use generic model for truly generic infrastructure:

  • audit event,
  • external reference,
  • data quality result,
  • attachment/document metadata.

Use domain-specific model for core business truth:

  • quote,
  • order,
  • product instance,
  • charge,
  • invoice,
  • approval,
  • fulfillment task.

Avoid modelling core quote-to-cash as only generic key-value bags.


20. Trade-off 16 — Immediate Consistency Check vs Reconciliation

Immediate Check

Pros:

  • prevents bad state at write time,
  • simpler for user action.

Cons:

  • may require cross-service calls,
  • may block due to transient dependency,
  • may not scale.

Reconciliation

Pros:

  • catches drift over time,
  • works across systems,
  • tolerant of async timing.

Cons:

  • detects after issue happens,
  • repair workflow needed,
  • SLA/alert needed.

Decision Rule

Use immediate check for local invariant and critical command precondition.

Use reconciliation for cross-service/external consistency that cannot be strongly enforced.

Do both for high-risk financial or customer-impacting flows.


21. Trade-off 17 — Immutable History vs Correctable Data

Immutable

Pros:

  • audit/legal trust,
  • historical correctness,
  • stable references.

Cons:

  • correction requires adjustment/reversal,
  • more entities,
  • operational complexity.

Correctable

Pros:

  • easy fix,
  • simpler current-state updates.

Cons:

  • history can be rewritten,
  • audit gaps,
  • financial/legal risk.

Decision Rule

Make accepted/issued/approved/published artifacts immutable:

  • accepted quote,
  • issued invoice,
  • approval decision,
  • published catalog version,
  • audit record.

Use correction/adjustment/supersession for changes.

Allow correction on drafts/current operational data with audit.


22. Trade-off 18 — Partitioning Now vs Later

Partition Now

Pros:

  • future scale,
  • retention/archive easier,
  • better large table management.

Cons:

  • complexity,
  • harder queries/migrations,
  • operational overhead,
  • premature optimization risk.

Partition Later

Pros:

  • simpler start,
  • fewer operational concerns.

Cons:

  • difficult migration when table huge,
  • retention painful,
  • performance risk.

Decision Rule

Partition early for known high-volume append-only tables:

  • usage_event,
  • audit_event,
  • outbox/inbox history,
  • integration_message,
  • invoice_line at massive scale,
  • data_quality_result.

Delay partition for moderate tables but monitor growth and define migration plan.


23. Decision Record Template

Use this for trade-off decisions:

## Decision
What are we choosing?

## Context
What problem and constraints?

## Options
A, B, C.

## Evaluation
Domain correctness:
Performance:
Migration:
Security:
Operational complexity:
Team ownership:
Reversibility:

## Decision
Chosen option and why.

## Consequences
Benefits:
Costs:
Risks:
Mitigations:

## Review date
When should this be revisited?

Trade-offs should be explicit and documented.


24. Weighted Decision Matrix

Example scoring:

CriterionWeightOption AOption B
Correctness553
Performance335
Migration safety442
Evolvability452
Operational simplicity334
Security/privacy553

Weighted score helps discussion, but not all criteria are numeric. Some are hard constraints.

Example hard constraints:

  • no PII in broad event,
  • issued invoice immutable,
  • one order per quote version,
  • tenant isolation cannot be compromised.

25. Reversibility

Ask:

  • Can this decision be changed later?
  • What migration would be needed?
  • What data would be lost?
  • What contracts would break?
  • Can we introduce new model additively?
  • Can old/new coexist?
  • Is there a compatibility window?

Prefer reversible decisions when domain uncertainty is high.

Example:

Start with reference + snapshot metadata.
Promote field to first-class relation later if query/invariant needs grow.

But do not choose unsafe flexible model for hard invariant.


26. Cost of Being Wrong

For each decision, ask:

If this is wrong, what happens?

Low cost:

  • UI display field needs rename.

High cost:

  • invoice semantics wrong,
  • duplicate billing,
  • tenant data leak,
  • accepted quote loses price snapshot,
  • product inventory cannot map to service,
  • migration corrupts active products.

High cost decisions deserve stronger design review, tests, and ADR.


27. Time Horizon

Good data models serve:

  • next sprint,
  • next release,
  • next migration,
  • next customer onboarding,
  • next audit,
  • next incident,
  • next reporting need,
  • next on-prem upgrade,
  • next engineer joining the team.

Avoid overbuilding for hypothetical future, but do not ignore obvious lifecycle and integration needs.


28. Organizational Trade-offs

Technical design must fit team reality.

Questions:

  • Who owns this service?
  • Who can operate this model?
  • Does team understand event sourcing/saga/partitioning?
  • Is DBA/platform support available?
  • Are consumers mature enough for contract versioning?
  • Is on-call able to debug async flow?
  • Is there tooling for reconciliation?
  • Is support trained?

A theoretically superior model can fail if operational maturity is missing.


29. Decision Smells

Smells:

  • "We choose JSONB so we don't need migration."
  • "We choose event sourcing because events are cool."
  • "We cache it because query is slow" without freshness.
  • "We denormalize everything for performance" without lineage.
  • "We normalize everything" ignoring historical snapshots.
  • "We don't need idempotency because UI won't double-submit."
  • "We can fix bad data manually."
  • "This field is temporary" without deprecation plan.
  • "External ID is unique" without source/tenant scope.
  • "The dashboard can figure it out."

These are warning signs.


30. Trade-off Review Checklist

When making a decision, ask:

  • What truth are we preserving?
  • What failure mode are we accepting?
  • What mitigation exists?
  • What is source-of-truth?
  • What is snapshot/derived/reference?
  • What invariant must be enforced?
  • What consistency level is required?
  • What query/write pattern dominates?
  • What data volume/lifecycle is expected?
  • What contracts are affected?
  • What security/privacy risk exists?
  • What migration path exists?
  • What observability/reconciliation is needed?
  • What test proves decision works?
  • What would make us revisit this decision?

31. Internal Verification Checklist

Verify these in the internal CSG/team context:

  • Architectural preferences for normalization/denormalization.
  • PostgreSQL standards for JSONB, indexing, partitioning.
  • Event vs API integration standards.
  • Microservice ownership boundaries.
  • Outbox/inbox and saga maturity.
  • Cache/Redis usage policy.
  • TMF API alignment requirements.
  • Security/privacy hard constraints.
  • Billing/financial immutability policies.
  • Migration/release constraints for cloud/on-prem.
  • Support/reconciliation tooling maturity.
  • Known historical trade-off mistakes or incidents.

32. Summary

Enterprise data modelling is trade-off management.

A strong decision framework helps choose between:

  • normalize vs denormalize,
  • snapshot vs reference,
  • strong vs eventual consistency,
  • one table vs multiple tables,
  • SQL columns vs JSONB,
  • enum vs reference table,
  • domain event vs integration event,
  • API vs event,
  • shared DB vs service-owned DB,
  • current-state vs event sourcing,
  • soft delete vs hard delete vs anonymize,
  • cache vs source query,
  • synchronous workflow vs async saga,
  • strict validation vs flexible acceptance,
  • generic vs domain-specific model,
  • immediate check vs reconciliation,
  • immutable history vs correctable data,
  • partitioning now vs later.

The key principle:

There is no perfect model. There is only a model whose trade-offs are explicit, justified, tested, observable, and safe enough for the business risk it carries.

Lesson Recap

You just completed lesson 78 in final stretch. Use the series map if you want to review the broader track, or continue directly into the next lesson while the context is still warm.

Continue The Track

Keep the momentum while the lesson is still fresh. Move backward for review or continue forward into the next concept.