Yellowfin Evaluation Guide
Yellowfin is used for both enterprise analytics and embedded analytics use cases and for building bespoke analytical applications. Use this guide to ensure Yellowfin is the right technical fit for your requirements.
Multi-Tenancy
-
Overview
Updated 18 September 2024Yellowfin can easily be configured to allow multiple tenants within a single environment. This is primarily accomplished using a feature called “Client Organizations”. Client organizations provide each of your tenants with a siloed, secure, and customized experience within their own segment of the application, and offers several features for limiting user’s access to data at an organizational level.
All client organizations lie under a single primary “Parent” organization that manages broad global settings, and provides an initial framework for content distribution.
Each user can belong to one or many client organizations, and which organization they access in a given session is specified on login
-
Content Management
Content can be managed within a multi-tenant organisation so that you can share common content across all tenants, have unique content for each tenant or a mix of both.
Do I need to copy content for each tenant?
No, you can share content across all tenants. This content is viewable by each tenant and data can be filtered to ensure that each tenant only sees their own data. Individual tenants cannot edit ‘global’ content.
How can I share common content across all tenants?
By default, any content created within the parent organization will be visible to all client organizations. This content can be secured to limit that access, but is often used to provide all clients with a “pre-canned” experience of pre-built reports.
Can my tenants create their own unique content?
Once logged into a tenant organisation (a client organization), the user is presented with the same core functionality available to their user role as they would have at the primary organization, however any content created within the client organization will only be visible to that client.
Can my tenants have their own security policies for content?
Because it is possible to create user roles, groups, and content folders within a client organization, clients are able to choose between maintaining their own unique complex security structure, and inheriting the one provided by the default org.
Can content be styled to match a tenants preferred style?
With client organizations, branding can also be personalized to the individual tenant, including chart colors, fonts, and application styling. This will be applied to both global content as well as their own.
Further Reading:
-
Data Separation
How do I segregate my Customers’ data and keep it safe?
What combination of features you use to secure data within Yellowfin is largely dependent on how that data is stored today. Employing Yellowfin’s multi-tenancy functionality provides two additional data security tools that can be used in conjunction with the standard user-level data security
This is to either by logically (Client id) or physically (Individual Database) separating your clients data.
It is worth noting that both of these features also apply to report creation. This allows your users to serve themselves in an ad-hoc capacity, with the assurance that they can only ever access data they are permissioned to see.
In some cases clients have chosen to run separate instances of Yellowfin for each of their clients when security and data segregation are a significant concern – mimicking the deployment of their own partitioned application deployment.
How do I logically separate my clients data?
To logically separate your clients data you would use row level security. Much like user-based “access filters”, this is a mandatory filter on your data, applied to all reports created on a specific view. However, in this case, the filtering value is associated with the entire organization a user is logged into. Once the client organization feature has been enabled, the client reference id can be associated with a column such as “Company” at the view level. This provides for logical segregation of data.
Do I have options to physically segregate data?
Yes you can. In this case, each of your clients have their own database that shares a common schema with the rest. Rather than apply a filter to each report, we can swap the connection that report is using based on what organization the user is in, and send the query to that client’s specific database. In this approach the parent organization is typically connected to the dev/demo database. This provides for complete physical segregation of data.
Further Reading:
-
Styling
Can I create a unique branded experience for my tenants?
Yes you can. By restyling yellowfin you can brand Yellowfin uniquely for your tenants.