For companies that use a multi-tenant database architecture, it can be complicated to find an embedded analytics tool that fits their needs. Often, business intelligence tools are built on the pretence of a single-tenant architecture, but row-level security can help.
In this article, we’ll explain why it’s complicated to serve multi-tenant architectures with embedded analytics, and how you can find a solution that gives you the full power of an embedded analytics tool on your multi-tenant architecture.
What is a proper embedded analytics architecture?
A multi-tenant database architecture is simply a type of software architecture where a single instance of a database serves multiple tenants or customers. In comparison, a single-tenant architecture means that each customer has their own unique and fully isolated database.
Each tenant's data is logically separated, often through techniques such as schema-based isolation, where each tenant has a separate schema, or a shared schema with row-level security.
Resources such as CPU, memory, and storage are shared among all tenants.
This leads to more efficient resource utilization compared to single-tenant architectures, where each tenant has a separate instance. This typically allows it to scale well, accommodating more tenants without the need for additional infrastructure, hence making your business processes more cost-efficient.
As a result, this is a very common approach to database architecture in SaaS companies. However, surprisingly, it can be hard to find an embedded analytics tool that allows you to provide powerful data experiences and interactive visualizations to your end-users.
What to consider when choosing an embedded analytics tool for a multi-tenant architecture
To be frank, some embedded analytics tools and software vendors do support multi-tenancy; however, even when they do, it often comes with some somewhat prohibitive restrictions. Here are a couple you may be familiar with...
Prohibits data exploration
Imagine that you want to give your users extra power, letting them build their own dashboards using the data models and charts you’ve given them access to.
With a single-tenant architecture, the database they are exploring contains only their data, so you can let them query data and build out new visualisations to their heart’s content. They will never be exposed to data that doesn’t pertain to them. This lets them create data visualizations and perform tasks like predictive analytics without worrying about compromising data.
In a multi-tenant architecture, this becomes much trickier because the data environment they are exploring is not isolated from the rest of your customers, meaning you risk exposing data to users who should not see it.
If you’re displaying data to your customers or users from a multi-tenant data architecture, then you’ll likely be inclined to ‘lock it down’. This can prevent you from achieving the kind of flexibility you desire in your analytics experience, for example, by offering users the ability to self-serve data queries.
Often requires re-authentication
There are few things worse than asking your customers to re-authenticate and log in to a third-party application that’s embedded in your platform when they are already logged in.
Using a tool that isn't built from the ground up to support multi-tenant architectures can often result in using strange and unintuitive workarounds, such as asking your customers to re-login to the third-party application to experience the analytics you've curated for them.
Instead, you want a seamless integration with the analytics platform and your product, allowing you to display users' business data within your app. This not only increases user engagement but also builds trust in you as their software vendor.
Comparing multi-tenant database models
When building embedded analytics into a multi-tenant app, the underlying data model is crucial. Most teams end up choosing between three models: shared database and schema (with tenant rows distinguished by a tenant_id), shared database with separate schemas per tenant, or fully isolated databases per tenant.
Each model has its trade-offs. The shared-schema model is the simplest and most common. It keeps costs low and scales well at the infrastructure level—but you’ll need strict row-level security and tenant filtering logic, which can add complexity on the analytics side. This approach often pairs well with embedded tools that support row-level filtering natively.
Separate schemas per tenant give you stronger isolation while keeping infrastructure overhead relatively low. You can still centralize your analytics logic while maintaining distinct data boundaries. However, you’ll need to manage schema creation and updates across tenants, which can become tricky at scale.
Separate databases per tenant offer the strongest isolation and are often used in regulated industries or large enterprise SaaS setups. But they come with a cost: managing connections, running queries across tenants, and aggregating usage metrics becomes much harder. Some embedded BI tools don’t support multi-database querying out of the box, so this architecture may limit your options.
There’s no one-size-fits-all answer. Your choice will depend on your security posture, scalability goals, and the complexity of analytics you want to offer. But being aware of these trade-offs early helps avoid lock-in later.
Security and compliance considerations
Analytics doesn’t exist in a vacuum, especially when you’re dealing with tenant data. Ensuring the right users see the right data is just the beginning. You also need to think about encryption, access controls, audit trails, and regulatory compliance.
The most common approach is attribute-based access control (ABAC), where data is filtered based on user or tenant attributes, such as tenant ID, region, or role. Your embedded analytics tool needs to support this either through parameterized queries, scoped API tokens, or native row-level security. Without this, you risk exposing data between tenants.
Then there’s data at rest and in transit. Analytics platforms should support encryption via TLS and AES-256 by default, and your app should enforce HTTPS for embedded dashboards. Some industries may also require field-level encryption for sensitive data, such as revenue or health information.
Don’t forget auditability. Especially for enterprise customers, you’ll need to demonstrate who accessed what and when. Look for embedded analytics tools that log user activity and integrate with external logging systems like Splunk or Datadog.
Finally, if your product handles EU data or health data in the U.S., you’ll need to comply with GDPR, HIPAA, or SOC 2 requirements. Embedded dashboards must inherit the same security posture as the rest of your product.
Put simply: you’re not just embedding charts, you’re embedding trust. Prioritizing data governance from day one makes scaling your analytics offering a whole lot easier.
Performance optimization strategies for multi-tenant analytics
Ensuring responsive and efficient analytics in a multi-tenant environment requires deliberate performance optimization strategies. As multiple tenants access shared resources, it's crucial to implement measures that prevent performance bottlenecks and ensure a seamless user experience.
1. Query optimization and indexing:
Design queries to be efficient and scalable. Utilize parameterized queries and ensure that indexes are in place for commonly filtered columns, such as tenant_id. This reduces query execution time and minimizes resource contention among tenants.
2. Caching mechanisms:
Implement caching strategies at various levels, including the application, database, and analytics layers. Caching frequently accessed data or reports can significantly reduce load times and decrease the strain on the database.
3. Resource isolation:
Allocate resources, such as CPU and memory, based on tenant usage patterns. Tools that support resource quotas can help prevent a single tenant from monopolizing shared resources, ensuring fair usage across all tenants.
4. Asynchronous processing:
For resource-intensive operations, consider asynchronous processing. This approach allows the system to handle heavy computations without blocking other operations, maintaining overall system responsiveness.
5. Monitoring and alerting:
Continuously monitor system performance metrics and set up alerts for anomalies. Proactive monitoring enables quick identification and resolution of performance issues before they impact end-users.
By implementing these strategies, you can ensure that your embedded analytics solution remains performant and scalable, providing a consistent experience for all tenants.
Why do BI tools not fully support multi-tenant architectures when embedding?
Business intelligence tools like Looker, PowerBI, Tableau, Trevor.io, etc. were built as internal-use tools first, i.e., they are designed to connect to your Postgres, BigQuery, or Snowflake (or whichever database or data warehouse you choose as a data source for your embedded analytics) and give your internal team the ability to investigate that data.
There’s nobody else’s data in there, and nobody in your team is going to see something from another business - by default, it’s a single-tenant kind of thing.
As a result, the authentication within these solutions is built around the notion of access on a by-database and/or by-table basis, i.e., if I am logged into {enter BI tool}, then I have access to the database, and my role/access level allows me to see tables A-G but not tables H-Z.
What happens when there is a table with some data I should have access to, but also some that I definitely should not have access to?
🤖 ……. 💥
Enter: Row Level Security.
What is Row-Level Security (RLS)?
Row-Level Security is a data access control mechanism that restricts access to rows in a database table, rather than managing access on a ‘by-table’ or ‘by database’ basis. It uses filtering on the data tables themselves to restrict the data shown back to the data consumer—your end users.
When embedding dashboards into applications using a BI tool, particularly in a multi-tenant environment, RLS plays a crucial role in ensuring that each user or tenant only sees data relevant to them. This is vital for maintaining data confidentiality and providing a personalized user experience.
RLS typically involves creating policies that define which rows are visible to a particular user or group of users. These policies are enforced by the database management system, ensuring that unauthorized access to data is prevented at the database level. This data management ‘layer’ has to be built and maintained to ensure users can experience a clean and secure data environment.
Defining and optimising your RLS policies sounds complicated, right? Frankly, it is.
An easier way…
At Embeddable, we do away with all of the complexity and enable you to use data in local storage to manage access to database tables - essentially leveraging your existing auth in combination with row-level security and allowing you to integrate analytics into your app while providing a seamless user experience.
You already have the user ID on hand when the user is logged in to your platform, and all you have to do is pass that context to Embeddable when you request the Embeddable to be loaded for the user.
We use the user_id, org_id, and any other parameter, or string of parameters you want in order to filter the data that’s returned for the user. This ensures that even with a multi-tenant architecture, your customers/users will only see the data you want them to.
This avoids you having to ask the user to log in again, or having to move to a single-tenant approach and lose all of the efficiencies of your existing architecture. They can access insights, analyze data and create data visualizations without leaving your platform.
Embeddable: next-gen embedded analytics
On top of providing an intuitive and performant way of providing your customers with access to secure data on a multi-tenant architecture, Embeddable takes a cutting-edge approach to create the dream solution for you to deliver your analytics project, allowing you to get the full benefits of exposing valuable data to your customers.
Embeddable is the first embedded analytics solution to take a headless architectural approach - effectively meaning that you have complete control over the frontend.
This approach allows you to modify, extend, and style the analytics libraries of components that are provided out of the box, in code. In addition to enabling the use of your favorite charting library, and existing components from your design system, like buttons and icons, which may be small but adds to the user satisfaction.
By leveraging the power of a headless embedded analytics tool, you’ll be empowered to create analytics experiences that look and feel completely native to your platform, in addition to having infinitely extensibility - meaning you’ll never find yourself in a position where you can’t deliver on you users needs, or your team’s big vision.
Built from the ground up to be the dream solution for product and development teams to deliver remarkable analytics experiences, Embeddable is also built for rapid development and analytics capabilities, offering two layers of configurable caching and eschewing the need for an iframe by embedding via a web component that loads the charts natively within your application.
In addition to lightning-fast loading speeds, this also gives you bi-directional communication between the analytics and your application. Your users don't need to be data analysts to analyze and process data and get actionable insights.
On top of that strong foundation of flexibility and speed, you’ll also have access to advanced features that enable you to deliver self-serve data exploration to your customers, exporting options, drilldowns, and a host of other powerful features that will delight your customers.
End users have access to more than generic dashboards, as they can view the same data in a plethora of different ways, without being business analysts or data scientists.
Real-world case studies: Embedded analytics in action
Understanding how organizations have successfully implemented embedded analytics in multi-tenant architectures can provide valuable insights. Here are a few examples:
Resident Advisor
As a global platform for music events, Resident Advisor needed to deliver personalized analytics to event organizers. By integrating Embeddable's no-code dashboard builder, they enabled non-technical users to create and customize reports effortlessly, enhancing user engagement and satisfaction.
Pledge:
Pledge, a platform facilitating charitable donations, required real-time analytics to track contributions across various campaigns. Utilizing Embeddable, they provided stakeholders with up-to-date insights, improving transparency and trust among donors and partners.
mpathic AI:
Specializing in AI-driven communication analysis, mpathic AI integrates Embeddable to offer clients detailed analytics on conversational data. This integration allowed for scalable, tenant-specific insights without overburdening their development team.
Find out more about Embeddable’s next-gen approach to customer-facing analytics.
