Multi-tenancy is the requirement that makes embedded analytics genuinely hard. It's also the requirement that gets added to the scope after the initial build — once customers are live, tenants are accumulating, and the team realizes that what they built for a single customer doesn't scale cleanly to twenty.
This chapter breaks down what multi-tenant reporting actually requires, technically — not at a conceptual level, but at the level of decisions your team will have to make and problems they will have to solve. Whether you're building or evaluating a platform to buy, this is the checklist that matters.
Requirement 1 — Data Isolation: Enforced, Not Assumed
The most fundamental requirement in multi-tenant reporting is that Tenant A cannot see Tenant B's data. This sounds obvious. The implementation is where teams get into trouble.
There are three ways to handle data isolation, each with different implications:
Shared database, shared schema
All tenants' data lives in the same tables, distinguished by a tenant ID column. Isolation is enforced by adding a WHERE clause to every query. This is the simplest architecture to build — and the riskiest from a security standpoint. A missed filter in one query, a reporting tool that bypasses your application layer, or a JOIN that doesn't carry the tenant ID through correctly can leak data across tenants. For applications handling sensitive data — financials, healthcare, HR — this pattern is difficult to certify as secure.
Shared database, separate schema
Each tenant has their own schema within the same database instance. Tables are namespaced by tenant. Isolation is structural rather than query-dependent — there's no WHERE clause to forget. This is a reasonable middle ground for many ISVs, though it adds complexity to migrations (schema changes need to propagate across all tenant schemas) and has practical limits on how many tenants a single database instance can cleanly support.
Separate database per tenant
Each tenant has their own database instance entirely. Isolation is complete — there is no shared infrastructure between tenant data stores. This is the most secure and operationally flexible pattern, and it's also the most common in enterprise ISV deployments where customers have their own infrastructure or data residency requirements. It's also the hardest to build reporting around from scratch, because the reporting engine has to know which database to connect to at query time — for every user, for every report, dynamically.
Supporting a separate database per tenant requires the analytics platform to route each query to the correct data source at runtime, based on the identity of the user making the request. This is called dynamic data source routing. It's a platform-level capability — not something most charting libraries or query builders support out of the box. In Yurbi, it's included in every plan.
Requirement 2 — Row-Level and Column-Level Security
Data isolation at the tenant level is necessary but not sufficient. Within a single tenant, different users typically need access to different subsets of data. A regional manager should see their region. A frontline user shouldn't see compensation data. An executive gets the full view.
Row-level security (RLS) restricts which rows a user can see in a given report — implemented correctly, this means the database query itself is filtered based on the user's identity and permission set, not just the UI. The enforcement has to happen at the data layer, not the presentation layer. A user who can access the data through any means — an export, a direct API call, a cached result — should get only the rows they're entitled to.
Column-level security restricts which fields appear in reports for a given user. Some users see revenue figures; others see units but not revenue. Implementing this at the report layer is relatively straightforward. Implementing it in a way that's consistent across all report types — including ad-hoc reports that users build themselves — requires the security model to be enforced in the data semantic layer, not just the report template.
Both RLS and column-level security are straightforward to describe and genuinely complex to implement correctly across a multi-tenant reporting system. Getting them wrong is a security incident, not a bug.
Requirement 3 — Per-Tenant Branding Without Rebuilding the UI
Most ISVs need their embedded analytics to look native to their product. That often means per-tenant branding — different logos, different color schemes, sometimes different report sets — without requiring your team to rebuild the UI for each customer.
At a minimum, this requires a branding configuration layer that controls colors, logo, and typography at the tenant level. At the high end, it means each tenant can have a completely white-labeled experience with their own logo and color palette, without your dev team touching anything after the initial configuration.
Building this from scratch typically means designing a configuration system that maps tenant identity to a set of style overrides, and ensuring that those overrides cascade correctly through every component in the reporting UI — charts, tables, export headers, email templates for scheduled reports, and the report builder interface itself if you expose one. It's not especially difficult, but it's more surface area than most teams plan for.
Requirement 4 — Performance at Scale
A reporting layer that performs fine at 10 tenants behaves differently at 100. The specific problems that emerge depend on your architecture, but the categories are consistent:
Query performance. Analytical queries against growing datasets slow down. A report that ran in 300ms against a tenant with one year of data runs in 4 seconds against a tenant with five years of data. Customers notice. Fixing this after the fact requires either query optimization (which requires understanding the query engine well), indexing strategies (which require understanding the data model well), or caching — which is its own infrastructure problem.
Concurrency. When multiple tenants run heavy reports simultaneously, they compete for database resources. A query from one tenant can degrade performance for all others — particularly in shared database architectures. Solving this at scale requires either dedicated resources per tenant or an in-memory caching layer that serves cached results for frequently-run reports without hitting the database every time.
Scheduled report delivery. When 50 tenants all have reports scheduled for 7am Monday morning, the job queue that processes those exports has to handle them. A naive implementation processes them sequentially; a production-ready system needs queuing, concurrency controls, failure handling, and retry logic.
Yurbi's FastCache engine stores query results in memory and serves them instantly for subsequent requests — with per-tenant isolation so cached data from one tenant is never served to another. Cache invalidation is configurable per report. This eliminates the most common source of performance problems in multi-tenant reporting without requiring your team to build and maintain a caching infrastructure layer.
Requirement 5 — SSO and Session Token Integration
Your customers are already authenticated into your product. When they navigate to the analytics section, they should not be asked to log in again. This requires the analytics platform to accept your application's session token and establish its own session for the authenticated user — without exposing a separate login interface.
This is typically implemented via one of two patterns: a server-side token exchange (your application calls the analytics platform's API to generate a session token, then passes it to the client), or a header rewrite approach (a proxy layer rewrites authenticated requests to include the necessary credentials). Either pattern works; the implementation complexity depends on your existing authentication architecture.
The important check when evaluating platforms: confirm that SSO is not a paid add-on available only at enterprise tiers. It's a foundational requirement for embedded analytics — not a premium feature.
The Multi-Tenant Complexity Summary
| Requirement | Build it yourself | Purpose-built platform |
|---|---|---|
| Data isolation (per-tenant DB) | Custom dynamic routing — significant architecture work | Built-in dynamic data source routing per tenant |
| Row-level security | Custom implementation — high security risk if incorrect | Enforced at platform layer, not application code |
| Column-level security | Per-report implementation — inconsistent across report types | Enforced via semantic layer across all report types |
| Per-tenant branding | Custom configuration layer across all UI components | Branding policies per tenant, unlimited configurations |
| Performance at scale | Requires custom caching layer and query optimization | In-memory FastCache with per-tenant isolation, included |
| SSO integration | Custom token exchange implementation | DoLogin API + header-rewrite SSO, documented |
None of these requirements are impossible to build. All of them are real engineering projects that require design decisions, implementation time, testing against real tenant data, and ongoing maintenance as your tenant count grows. For most ISV teams, the question is whether solving these problems is a better use of engineering capacity than building the features that differentiate your core product.
Multi-tenant embedded analytics, handled at the platform layer.
Dynamic data source routing, per-tenant branding, row-level security, FastCache — included in every Yurbi plan. No extra tiers, no separate pricing.
Download Free Trial