Harness Enterprise accounts running multiple organizations — each with distinct engineering teams, security postures, and compliance requirements — have no resource partitioning at the org tier today. All platform controls are either account-wide or project-level, with no intermediate org-level tier between them.

This creates real operational risk in multi-org accounts:

— One org's pipeline surge can queue out another org's commits with no isolation.

— A delegate misconfiguration in one org can affect all other orgs on the same account.

— OPA policies cannot be scoped per org — any policy is either account-wide or per-project, with no way to match a specific org's compliance posture.

— Security reviews requiring prod delegate isolation cannot be satisfied with account-wide delegate pools.

— A concurrency spike in one org causes an account-wide incident affecting all other orgs.

Project-level concurrency controls are not a practical substitute at enterprise scale — they require per-project configuration and do not enforce org-level resource boundaries.

We need org-scoped resource partitioning controls sitting between the account level and the project level:

Per-org concurrent execution quota — enforced by Harness at the platform level, not by customer configuration. Each org gets an allocated slot count that other orgs cannot consume.

Per-org delegate affinity — delegates registered to an org only accept tasks from that org's projects. Cross-org task routing is not possible without explicit configuration.

Per-org OPA enforcement scope — policy sets applied at org scope, not just account or project scope, so each org's compliance rules apply only to its own pipelines.

Per-org rate limits and timeout defaults — org-level settings override account defaults for that org's projects without requiring project-by-project configuration.

Per-org audit and compliance scope — org-level audit log filtering so each org's security team can access only their own activity without account-wide visibility.

Business value:

Without org-level controls, enterprise customers running multiple business units or teams on a shared Harness account cannot safely isolate workloads, enforce per-team compliance rules, or prevent one team's activity from impacting others. Every new org onboarded increases the blast radius for all existing orgs. Org-scoped partitioning enables enterprise customers to operate a single shared platform without sacrificing isolation, compliance, or stability across teams.