For companies who use a multi-tenant database architecture, it can be complicated to find an embedded analytics tool that fits their needs. Often business intelligence tools are built on the pretence of a single-tenant architecture, but row level security can help.
In this article we’ll delve into why it’s complicated to serve multi-tenant architectures with embedded analytics, and how you can find a solution that gives you the full power of an embedded analytics tool on your multi-tenant architecture.
What is a multi-tenant database architecture?
A multi-tenant database architecture is simply a type of software architecture where a single instance of a database serves multiple tenants or customers. Whereas a single tenant architecture means that each customer has their own unique and fully-isolated database.
Each tenant's data is logically separated, often through techniques like schema-based isolation (each tenant has a separate schema) or shared schema with row-level security.
Resources such as CPU, memory, and storage are shared among all tenants. This leads to more efficient utilization of resources compared to single-tenant architectures, where each tenant has a separate instance. This typically allows it to scale well, accommodating more tenants without the need for additional infrastructure, and hence making everything more cost efficient.
As a result, this is a very common approach to database architecture in SaaS companies, but surprisingly it can make it hard to find an embedded analytics tool that allows you to give powerful data experiences to your end users.
What to consider when choosing an embedded analytics tool for a multi-tenant architecture
To be frank, some embedded analytics tools do ‘support multi-tenancy’ - however, even when they do, it often comes with some somewhat-prohibitive restrictions. Here are a couple you may be familiar with...
Prohibits data exploration:
Imagine that you want to give some extra power to your users, and let them build their own dashboards using some data models and charts that you’ve given them access to.
With a single-tenant architecture, the database they are exploring contains only their data - so you can let them query data and build out new visualisations to their heart’s content, and they will never be exposed to data that doesn’t pertain to them.
In a multi-tenant architecture, this becomes much more tricky because the data environment that they are exploring is not isolated from the rest of your customers - meaning you risk exposing data to users that they really should not be seeing.
If you’re displaying data to your customers or users from a multi-tenant data architecture then you’ll likely be inclined to ‘lock it down’. This can stop you from achieving the kind of flexibility that you desire in your analytics experience, for example offering the ability to self-serve data queries to your users.
Often requires re-authentication:
There are few things worse than asking your customers to re-authenticate and log in to a third-party application that’s been embedded in your platform (in which they are already logged-in). Using a tool that's not built from the ground up for supporting multi-tenant architectures can often result in having to use strange and unintuitive workarounds like asking your customers to re-login to the third-party application in order to experience the analytics you've curated for them.
Why do BI tools not fully support multi-tenant architectures when embedding?
Business intelligence tools like Looker, PowerBI, Tableau, Trevor.io etc. were built as internal-use tools first, i.e. they are designed to connect to your Postgres, BigQuery or Snowflake (or whichever database you choose as a source for your embedded analytics) and give your internal team the ability to investigate that data. There’s nobody else’s data in there, and nobody in your team is going to see something from another business - by default, it’s a single-tenant kind of thing.
As a result, the authentication within of these solutions are built around the notion of access on a by-database and/or by-table basis, i.e. if I am logged into {enter BI tool} then I have access to the database, and my role/access level allows me to see tables A-G but not tables H-Z.
What happens when there is a table with some data I should have access to, but also some that I definitely should not have access to?
🤖 ……. 💥
Enter: Row Level Security.
What is Row-Level Security (RLS)?
Row-Level Security is a data access control mechanism that restricts access to rows in a database table, rather than managing access on a ‘by-table’ or ‘by database’ basis. It uses filtering on the data tables themselves to restrict the data that is shown back to the data consumer - your end users.
When embedding dashboards into applications using a BI tool, particularly in a multi-tenant environment, RLS plays a crucial role in ensuring that each user or tenant only sees data relevant to them. This is vital for maintaining data confidentiality and providing a personalized user experience.
RLS typically involves creating policies that define which rows are visible to a particular user or group of users. These policies are enforced by the database management system, ensuring that unauthorized access to data is prevented at the database level. This data management ‘layer’ has to be built and maintained to ensure users can experience a clean and secure data environment.
Defining and optimising your RLS policies sounds complicated, right? Frankly, it is.
An easier way…
At Embeddable, we do away with all of the complexity and enable you to use data in local storage to manage access to database tables - essentially leveraging on your existing auth in combination with row-level security.
You already have the user id on hand when the user is logged in to your platform, and all you have to do is pass that context to Embeddable when you request the Embeddable to be loaded for the user.
We use the user_id, org_id, and any other parameter, or string of parameters you want in order to filter the data that’s returned for the user. This ensures that even with a multi-tenant architecture, your customers/users will only see the data you want them to.
This avoids you having to ask the user to log in again, or having to move to a single-tenant approach and lose all of the efficiencies of your existing architecture.
Embeddable: next-gen embedded analytics
On top of providing an intuitive and performant way of providing your customers with access to secure data on a multi-tenant architecture, Embeddable takes a cutting edge approach to create the dream solution for you to deliver your analytics project - allowing you to get the full benefits of exposing valuable data to your customers.
Embeddable is the first embedded analytics solution to take a headless architectural approach - effectively meaning that you have complete control over the frontend. This approach allows you to modify, extend and style the library of components that are provided out of the box, in code. In addition to enabling the use of your favorite charting library, and existing components from your design system like buttons and icons.
By leveraging the power of a headless embedded analytics tool, you’ll be empowered to create analytics experiences that look and feel completely native to your platform, in addition to having infinitely extensibility - meaning you’ll never find yourself in a position where you can’t deliver on you users needs, or your team’s big vision.
Built from the ground up to be the dream solution for product and development teams to deliver remarkable analytics experiences, Embeddable is also built for speed – offering two layers of configurable caching and eschewing the need for an iframe by embedding via a web components that loads the charts natively within your application. In addition to lightning-fast loading speeds, this also gives you bi-directional communication between the analytics and your application.
On top of that strong foundation of flexibility and speed, you’ll also have access to advanced features that enable you to deliver self-serve data exploration to your customers, exporting options, drilldowns, and a host of other powerful features that will delight your customers.
Find out more about Embeddable’s next-gen approach to customer-facing analytics.