What are the best practices for multi-tenant?
I basically have an analysis server with many databases. However, the database name is set on the client. So I don't know the best way to context switch in a secure way.
In a perfect world, the database could be set on the accelerator side and could change based on a JWT that is passed down.
... I guess one approach I could take is to put the catalog name in a JWT, and then when any query is submitted to the accelerator I could make sure the catalog being sent down matches the JWT. This seems secure to me, but could there be anything I am missing?
Hello, Marty!
Thank you for your question.
With the current architecture, it is necessary to explicitly set both the cube and catalog names in the Flexmonster report configuration. There is no built-in mechanism to hide or encrypt these names, making them visible and required in the client configuration. However, you can use the customData datasource parameter to pass the JWT token to your server. With Flexmonster Accelerator DLL, you can process this JWT as a request parameter inside the request controller. While the cube/catalog name would still be visible, access to the data within them can be restricted by the user credentials encrypted inside the token.
You are welcome to check the example with customData property: https://jsfiddle.net/flexmonster/faq275u1/
Also, you may check this article if you are interested in data access settings for SSAS data source: https://www.flexmonster.com/doc/data-access-accelerator/
Please let us know if this solution would work for you.
Best Regards,
Maksym
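
The check discussed in this thread, as an added example that is not from either poster or from Flexmonster: the server verifies the token's signature and expiry before trusting its catalog claim, then compares that claim with the catalog the client requested. It is written in Node.js for illustration; the claim names `catalog` and `sub`, the HS256 shared secret, and every function name are assumptions, and wiring it into the Accelerator request controller is not shown.

```javascript
// Added example: server-side tenant check. All names are assumptions, not Flexmonster APIs.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (value) => Buffer.from(value).toString("base64url");

// Constructed helper so the example can mint its own sample tokens.
function signToken(claims, secret, header = { alg: "HS256", typ: "JWT" }) {
  const body = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${createHmac("sha256", secret).update(body).digest("base64url")}`;
}

// Returns the verified claims or throws. The algorithm is pinned to HS256,
// so a token whose header says "none" (or anything else) is rejected.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, "base64url");
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Allow the query only if the catalog sent by the client equals the catalog
// claim of a token that passed verification. The client value is never trusted alone.
function authorizeCatalog(token, requestedCatalog, secret, nowSec) {
  let claims;
  try {
    claims = verifyToken(token, secret, nowSec);
  } catch (err) {
    return { allowed: false, reason: err.message };
  }
  // Exact string match: no case folding or prefix matching between tenants.
  if (typeof requestedCatalog !== "string" || claims.catalog !== requestedCatalog) {
    return { allowed: false, reason: "catalog mismatch" };
  }
  return { allowed: true, reason: "ok", tenant: claims.sub };
}
```

The comparison only means something after the signature and expiry checks succeed; decoding the token without verifying it would let the client choose its own catalog claim.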