TurboApps is Unvired’s versatile platform for digital forms and low-code applications. Recognizing the growing demand for actionable insights and data-driven decision-making, we integrated Apache Superset into TurboApps. This integration empowers users with advanced analytics and dynamic data visualization tools.
In this blog, we will delve into how TurboApps extended Superset’s capabilities to provide a robust multi-tenant analytics solution. Read Part 1 here to learn how Turbo Forms App can streamline your operations!
A Quick Recap
What is Superset?
Apache Superset is a modern, open-source data exploration and visualization platform designed to meet the growing demands of businesses seeking scalability and flexibility in their analytics. It offers a wide range of features, including:
- Interactive Dashboards: Build and explore visually rich dashboards with ease.
- SQL-Based Analytics: Empower data analysts to query datasets directly for custom insights.
- Role-Based Access Control (RBAC): Assign roles to users, ensuring controlled access.
- Multi-Database Support: Seamlessly connect to various data sources for comprehensive analysis.
Why Multi-Tenancy is Critical
Multi-tenancy is essential for organizations serving multiple clients or business units. It enables:
- Secure Data Isolation: Ensures that each tenant can only access their own data.
- Cost Efficiency: Reduces operational costs by sharing resources across tenants.
- Simplified Management: Streamlines infrastructure maintenance while supporting scalability.
Superset’s Security Model: Key Concepts
To enable multi-tenancy in TurboApps, Unvired utilized Superset’s robust security model as the foundation. Below are the key components and how we customized them for TurboApps’ unique requirements.
Roles: The Foundation of Access Control
Roles are the backbone of Superset’s access control system. Superset includes default roles such as Admin, Alpha, and Gamma, which provide varying levels of access to datasets and dashboards:
- Admin: Full access to manage datasets, dashboards, and users.
- Alpha: Advanced privileges for creating and editing dashboards and queries.
- Gamma: Restricted to viewing dashboards and accessing predefined datasets.
Unvired’s Customization
While the default roles offer a starting point, Unvired tailored them to align with TurboApps’ multi-tenant architecture. This customization included:
- Tenant-Specific Roles: For example, roles like Tenant-1-Manager and Tenant-2-Analyst were created to limit access to tenant-specific data.
- Scalable Role Management: Roles were designed to accommodate dynamic user additions, ensuring seamless scaling as tenant needs evolve.
Row-Level Security (RLS): Data Segmentation
RLS policies act as filters to enforce data access rules based on conditions such as TenantID. It is a unique identifier assigned to each tenant in TurboApps. For instance:
- A query filtering data with TenantID = ‘Tenant-1’ ensures users from Tenant-1 see only their organization’s data.
- The RLS policies dynamically apply these conditions, preventing any unauthorized access to other tenants’ information.
Unvired’s Implementation
In TurboApps, RLS is implemented dynamically for datasets linked to tenants. By leveraging the platform’s metadata database, these filters are applied in real-time to ensure data segregation without duplicating datasets, reducing complexity and improving efficiency.
Dashboard RBAC: Fine-Tuned Control
Role-Based Access Control (RBAC) extends beyond datasets to dashboards, enabling data source access both shared and tenant-specific analytics. Superset allows administrators to assign dashboard access based on roles, ensuring flexibility and security.
Unvired’s Approach
To meet diverse tenant needs, Unvired classified dashboards into:
- Global Dashboards: Shared across tenants for common operational metrics, accessible to roles like Global-Admin.
- Tenant-Specific Dashboards: Exclusively visible to tenant-specific roles, such as Tenant-1-Manager.
Unvired TurboApps: Simplifying Security for Better Insights
By adapting Superset’s security model, Unvired enabled TurboApps to achieve a secure and scalable multi-tenant architecture. Here’s how this model benefits tenants:
- Understandable Structure: Role-based access and RLS simplify permissions, so users intuitively know what they can access.
- Seamless Experience: Dashboards are pre-configured for each tenant, ensuring a smooth onboarding process.
- Dynamic Flexibility: As businesses grow, Unvired’s scalable roles and policies ensure their analytics evolve effortlessly.
How TurboApps Achieved Multi-Tenancy
To extend Superset’s capabilities for multi-tenancy, TurboApps implemented a comprehensive and scalable strategy designed to meet the diverse needs of tenants. Below is a detailed breakdown of the key steps taken:
1. Custom Role Creation: Streamlining Access Control
TurboApps developed custom roles tailored to meet tenant-specific requirements, building upon Superset’s default roles (Admin, Alpha, and Gamma roles). These custom roles:
- Restrict Unauthorized Access: Ensure users cannot access datasets outside their tenant’s scope.
- Persist Across Upgrades: Designed to remain functional even after platform updates for consistent performance.
- Comply with Policies: Maintain adherence to tenant-specific data security regulations, reducing compliance risks.
2. Tenant-Specific Roles: Granular Permissions for Better Control
For precise access control, TurboApps introduced tenant-specific roles, such as Tenant-1-Admin and Tenant-1-Manager. These roles:
- Map Directly to RLS Policies: Seamlessly align with row-level security filters for data segregation.
- Enable Flexible User Management: Allow tenant admins to assign permissions efficiently based on their organizational hierarchy.
- Ensure Relevant Access: Restrict users to interacting only with datasets and dashboards specific to their organization.
3. Enforcing Row-Level Security (RLS): Maintaining Data Segregation
TurboApps leveraged RLS policies to implement dynamic filtering of datasets using tenant identifiers like TenantID. This methodology:
- Applies Real-Time Filtering: Ensures users see only data associated with their TenantID without requiring manual intervention.
- Reduces Redundancy: Eliminates the need to duplicate datasets for each tenant, minimizing overhead.
- Simplifies Management: Makes it easier to update or add tenants without disrupting the existing structure.
4. Seamless User Onboarding with SSO: Simplifying Access
By integrating Single Sign-On (SSO), TurboApps streamlined the user onboarding process, automating role assignment and policy enforcement. Key benefits include:
- Automated Role Assignment: Users are automatically assigned roles like Alpha or Gamma based on their profiles within TurboApps.
- Tenant-Specific Integration: Additional roles, such as Tenant-2-Analyst, are applied dynamically to enforce access controls.
- Improved User Experience: SSO ensures a frictionless onboarding process, enhancing adoption rates.
5. Enhanced Dashboard Management: Tailored Analytics for Every Tenant
To meet diverse analytical needs, dashboards were categorized into two types:
- Global Dashboards: Shared insights available to admins and managers across all tenants, enabling cross-tenant comparisons and trend analysis.
- Tenant-Specific Dashboards: Restricted dashboards tailored to individual tenants, providing custom analytics while safeguarding privacy.
Key Outcomes
This table highlights the key outcomes of implementing multi-tenancy in TurboApps. It outlines how the system meets diverse needs while optimizing performance, security vulnerabilities and compliance.
| Key Outcome | Description | Examples | Impact on Tenants | Business Benefit |
|---|---|---|---|---|
| Stronger Security | Tenants operate within isolated data environments, ensuring strict compliance with privacy and regulatory requirements. | Data segregation via Row-Level Security (RLS). | Protects sensitive tenant data. | Reduces risks of breaches or non-compliance. |
| Scalable Design | The architecture supports effortless onboarding of new tenants without the need for infrastructure modifications. | Dynamic role creation and dataset access. | Simplifies onboarding for new tenants. | Accelerates business growth. |
| Operational Efficiency | Shared resources and automated management processes reduce administrative overhead and enhance system performance. | Streamlined resource sharing via global policies. | Minimizes tenant operating costs. | Reduces management workload and costs. |
| Tailored Insights | Custom dashboards and RLS policies deliver actionable, tenant-specific analytics to meet unique organizational needs. | Role-specific dashboards for each tenant. | Provides relevant insights to tenants. | Boosts tenant satisfaction and retention. |
Looking Ahead
TurboApps is committed to continuous innovation. Our upcoming Provisioning API will further enhance the platform’s capabilities by simplifying tenant management, role assignments, user login, and dashboard configurations. These advancements aim to deliver a frictionless experience for administrators and end-users alike.
Explore how TurboApps can transform your business with advanced analytics and multi-tenancy solutions. Discover personalized insights, business intelligence and streamlined operations for your team
Get Started
Are you ready to unlock the full potential of TurboApps with tenant-specific analytics? Contact Us or Request a Demo to see how we can transform your data-driven strategies!
Frequently Asked Questions
What is multi-tenancy in Apache Superset?
Multi-tenancy in Apache Superset enables multiple groups or organizations to share the same Superset instance while keeping their data and dashboards separate. This is crucial for companies that require isolation between departments or for service providers offering Superset as a hosted solution to multiple customers.
How can I achieve multi-tenancy in Superset?
To implement multi-tenancy in Superset, you can define user roles such as Admin, Alpha, and Gamma, each with specific access levels to datasets and dashboards. These roles can be customized to align with your organization’s structure.
Can Superset support multiple tenants with separate databases?
Yes, Superset software serves multiple customers with separate databases. You can configure separate database connections for each tenant. After setting up these connections, assign datasets to the appropriate database connections to ensure data isolation. Managing roles and permissions ensures that users only have access to their designated datasets underlying databases and dashboards.
