Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How do I set up QuickSight for common SaaS dashboards for multiple tenants with tenant per database using RLS?

0

I have a scenario where I would like embed a dashboard in a SaaS application with data specific to each tenant. I would like to use bulk reader pricing and anonymous urls (GenerateEmbedUrlForAnonymousUser). One possible solution would leverage RLS.

Each tenant has their own database. One way to handle this would be to create a single dataset with aggregated information using a tenant-id tag for RLS. How would I combine multiple data sources (RDS) into a single dataset for this purpose?

If this isn't possible, what are the alternatives that provide a common (or templated) dashboard going against a different datasource for each tenant?

The Embed multi-tenant dashboards in SaaS apps using Amazon Quicksight without provisioning or managing users blog entry does not discuss database-per-tenant.

Topics
AnalyticsCloud Financial ManagementBusiness ApplicationsMachine Learning & AISaaS on AWS
Tags
Cloud Intelligence DashboardsAmazon Quick SightSaaS on AWS
Language
English
asked a year ago228 views
1 Answer
0

To set up QuickSight for common SaaS dashboards for multiple tenants with tenant-per-database using Row-Level Security (RLS), you have a few options:

  1. Single Dataset with RLS: You can create a single dataset that combines data from multiple tenant databases using RLS. This approach involves:

a) Creating a data source for each tenant's database in QuickSight. b) Using SQL queries or custom SQL to combine data from these sources into a single dataset. c) Adding a tenant identifier column to distinguish data from different tenants. d) Implementing RLS using this tenant identifier.

However, combining multiple RDS data sources into a single dataset can be challenging and may not be the most efficient approach, especially if you have a large number of tenants.

  1. Separate Datasets with Common Dashboard: An alternative approach that might be more suitable for your database-per-tenant scenario:

a) Create separate datasets for each tenant, each connecting to its respective database. b) Design a common dashboard template that can work with any of these datasets. c) Use the QuickSight API to programmatically create and manage dashboards for each tenant based on this template. d) When embedding, use the appropriate dataset for each tenant.

This method allows you to maintain separate databases while still providing a common dashboard experience. It's more scalable and easier to manage with a large number of tenants.

  1. Using Namespaces: QuickSight supports namespaces, which can be used to isolate resources for different tenants:

a) Create a namespace for each tenant. b) Within each namespace, create the necessary datasets and dashboards. c) Use the same dashboard design across namespaces for consistency.

This approach provides strong isolation between tenants and can work well with your database-per-tenant model.

For embedding using anonymous URLs (GenerateEmbedUrlForAnonymousUser):

  1. Set up IAM roles with appropriate permissions for QuickSight embedding.
  2. Use the QuickSight API to generate embed URLs for each tenant's dashboard.
  3. In your SaaS application, use these URLs to embed the dashboards, ensuring each tenant only sees their own data.

Remember to implement proper authentication and authorization in your SaaS application to ensure tenants can only access their own dashboards and data.

While the blog entry you mentioned doesn't specifically address the database-per-tenant scenario, these approaches can be adapted to work with your specific requirements, allowing you to leverage bulk reader pricing and anonymous URLs while maintaining data separation between tenants.
Sources
Support multi-tenant applications for SaaS environments using Amazon QuickSight | AWS Business Intelligence Blog
Embedding QuickSight dashboards for anonymous (unregistered) users - Amazon QuickSight

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content