Our software supports database per tenant, but in production we've yet to use that feature. Instead of adding filter by tenant to all the queries, we created row level security on a MS-SQL database. Each Tenant has its own SQL USER. Each database tabale uses security policy to apply a predicate at the database level. That predicate will check the SQL USER running the query and apply a predicate to filter out any rows that are not for that tenant. This has the advantages that the developers are no longer responsible for applying the tenant filter in the code, and that any SQL injection attacks will automatically be restricted to just that tenant. Obviously this is only a practical solution when you have a low number of tenants.

For our SaaS product, we're using a hybrid model. Consumers are, writ-large, on one of several regionally-pooled APIs & DBs. For our important enterprise customers, we have dedicated environments for each. This gives them complete isolation and better performance guarantees. We can also move customers from one pool or environment to another in cases where a shared customer is promoted to an enterprise customer - this is where globally unique ids can save you. The enterprise fees are commensurate with the development of both the hybrid model and the resources they're consuming in their environment. I can tell you one thing for certain: Infrastructure as Code helps a ton if you're doing either pooled DB & API, DB & API per tenant, or both simultaneously. It makes spinning up those extra environments and deploying changes much, much faster and more reliable.

We have a shared database for all tenants and use query filters. Works well enough. We plan to squeeze as much life out of this setup as we grow before we decide to take on any more complexity.

If you're going with database-per-tenant, I would just make sure you seriously take the time upfront to build (or buy) proper sync and validation tools between each database. Easy to skip if you're just starting with a handful of databases, but that number creeps up, and executing a schema change in a thousand databases, or running 999 schema comparisons manually isn't a lot of fun.

One of the advantages for database per tenant is if you need to do a database restore. This allows a single tenant to be affected.

It is worth noting that a multi-tenant system can, more or less cheaply, support a single tenant on a new instance, e.g. if you have some tenants with gigantic amounts of data, or expect some with legal restrictions needing an on premise instance. The reverse path can be more complicated, if you finally realize that you can't maintain a lot of instances.

Very nice topic. Great overview of important considerations and options. There are so many variations. Database versioning. API versioning. Backwards compatibility. Containerized versus shared resources. Single instances or Cluster. Split per schema on the same host versus different tables in the same schema versus one distict daemon or machine per tenant ... production, staging and testing environments ... split by tenant in the user-facing data center but mirror into a shared data structure ...

At all the banks I've worked at, and where I'm at now (a data analytics company) we always use database per tenant. It's the right thing for us, we cannot risk a query defect leaking data, or a problem with one tenant affecting others, or a query-heavy tenant affecting the CPU/RAM of other tenants. Also if we have to restore (which we've done once or twice over the years) it only affects a single tenant. The downside is migrations and cost. But it greatly simplifies our application architecture and compliance audits.

I think the hybrid approach is valid: 1 only database to maintain and a schema dedicated for each tenant. Sometimes it's possible to spread schemas along 2 or more db instance to tackle noisy neighbors or performance issues. Schemas ensure isolation without applying any query filters. it's like to select the right database but without the burden to manage many databases.

At my previous job, we tried to do database per tenant for a SaaS product and one issue we ran into was the actual provisioning of database. We tried to create the database “on-demand” - i.e when a user signed up as a new organization. The problem was we did this on azure with mssql databases so naturally it was slow and added complexity to the sign up process (showing the user a “please wait” screen, azure API requests with preconfigured ARM templates, retries on db creation failure, attempting to use a pool of databases and expanding the pool when needed, managing elastic pools, etc). Not to mention the cost aspect and migration rollouts. Should have gone with something like RLS or query filter

I inherited a db per tenant architecture. With CI/CD and automation in place many of the downsides mentioned are easily addressed other than cost. Our real complexity came from also having tenant-agnostic data that all tenants nevertheless need access to.

Thank you so much this is ultra informative! Im working on a multi tenanted system right now, and the timing is impeccable!

For HPC workloads, its always better to have multiple databases, hopefully on different machines, even if it takes more maintenance.

Also consider data privacy and retention laws vary by country, so you might want to have a shared multi-tenant database for each unique region/country that your clients are in. Reduces complexity from one db per client, but makes dealing with each unique set of privacy laws easier.

Resources for tenant, including database and potentially API, also have an impact for provisioning new tenants. If you have a single database and API for all your tenants, provisioning a new tenant is pretty trivial. If every tenant gets their own same resources, then you have to provision and potentially seed all those resources every time you deploy new tenant. Just something else to consider

Great video, you covered a lot of variations. Multi-Tenant with Supabase is great when using their auth and Postgres functions. There is not need to send user or tenant info because it is part of the session and accessible from the function call, they also scale amazingly.

Thanks Man! really need this video for a project.

Besides using a UUID for the customerID, wouldn't it also be a good idea to also use a UUID for the tenantID? If you ever want to migrate a tenant from database A to database B, you might run the risk that a tenantID "1" already exists in database B.. In other words, making both the tenantID and customerID a UUID, you can move data around freely without running the risk of using duplicate keys or data leaking between tenant instances.

Single db is our approach and we limit the issue with noisy neighbours by using tenantId and PartitionKey. This way is azure storage when data is split between nodes, each tenant should be on one node, so they only affect this node

i love this channel. a topic that would really intrest me: how to deal with identity and access mangement stuff in a multi-tenant scenario - without cloud-lockin :)

For relational, shared database, horizontally sharded on tenant id with something like citus. Currently doing this in prod for 11b req/mo on 100k tenants. Would use nosql but the data in that database is quite relational with a lot of m:m. Considered graph db but most graph db are just an inefficient layer on top of nosql/rdbms. In general if you have a lot of databases, they are still on the same server, so they still share resources - separate databases really just saves you from having to put the tenant id in every table and use composite keys, but the cost is in the schema management.

Split to multiple for better querying, re-indexing.

I have multiple tenants per DB based on the query filter method. But I realized there are cases you want it separate. So I could built some infrastructure to opt-out for separate databases based om customer requirements. Provided that they don't want separate instances of the app all together. I have seen that some companies do that because of data requirements and so they don't upgrade all customers to newer versions without them paying. This is kind of the pre-Cloud and pre-SAAS method. I just feel like it must be a hell to manage with branching and patching bugs across specific codebases for each customer.

A tenant per collection for Document store, makes me a feel uneasy. I like the clear separation that it gives, however for many tenants with many collections...it gets messy quick. Other methods are either having the tenant ID on each document in a collection OR a tenant shard key.

We have a database per tenant model. In our use case, the system could be split into micro services, because 1/2 of the business logic and tables are exactly the same for all tenants. However, due to the needs of each tenant, we would have too many variations in the tables, and we need to do quite extensive join operations. We looked into a hybrid (multi-tenant for the 1/2 that's similar) and tenant per database, but since most of our business deals with joining from the "core" tables to the tenant tables, the test queries we ran were not promising. In our case, since we know exactly how the complexity runs, we have a git repo that is "core" repo, that every tenant is forked from and upstreams from, so in the few cases that we have to change things in the core tables, we just run the git upstream fetch commands. One thing to note, is that in our industry, data leakage is 100% not acceptable to any of our clients, and we'd probably lose them as an account (and this would be our best case scenario).

I love your channel! Thank you

Shared postgres cluster, database per tenant. A single program instantiating an application object instance per tenant for one project, for another separate Cloud Run per tenant managed by Pulumi

On SQL server you can do a RLS, so a query without a Tenant ID doesn’t return anything. You can even configure to bypass RLS with db admin users

In some cases, tenants might have different versions, e.g 8.7 vs 8.6 of the application and DB so sharing the DB between them is not feasible. Also some tenants might have some features which are not available for others. In short, it looks to me that having a DB for each tenant is more complicated but more flexible.

Depending on the RDBMS, schema per tenant may be of interest. To all intents and purposes, when you take advantage of the RDBMS security model, you effectively have a "logical" database that you can isolate with its own associated users. You can migrate individual schemas on a per tenant basis. This is just another option to consider in your toolkit of solutions. As ever, whether this makes sense depends on what you're doing, who you're doing it for, what data you're doing it with and what traffic you're dealing with from your various tenants. Like the other approaches mentioned by Derek, this isn't a "one case fits all" solution.

We have a notion of tenant (network) and just in the presentation we use automatic filtering on the tenant. The biggest issue is how to create indexes. Do you always index by the tenant id first? Or secondary? Or use db partitioning. Our system has a mixture of the above and quite frankly they are all have pros and cons. What do you think is the best approach of optimizing queries?

Regardless of your choice, Lumbergh is gonna need you to go ahead and come in on Saturday... thanks!

Have you ever heard of a SaaS product doing DB per tenant besides for legal reasons?

very interesting thanks

Hey, i'm developing a web application (ERP) with a database that will be exactly the same for multiple companies to get and store data. Should I continue with a single database for them all or should i create a database for each client i get? For now, the web application will be mostly to show up data, nothing heavy. Thx

another benefit of db per tenant is that they can geolocate near the tenant

Hello, thank you for the video. We are debating our approach for a multi tenant application. We will have some big tenants with sensitive data and some smaller tenants. The way would be a mixed environment with multiple schemas in the same db server. Now here comes a big problem, a system admin should be able to create form templates to be available for all tenants. What do you think would be the best approach to make these templates available? Is it possible for a tenant with his own schema to also access a “global schema”? Or is it possible to save the template as a “system admin” on all schemas? Could it be done with writing a view on the db accessing all schemas? Rel Db is Postgres. How would you consider keeping the tenant_id nullable so you can set default values for everyone? Possible use case get the default templates and the tenant specific templates. Thanks in advance.

Thank you

I have read all the comments but I don’t see about one database and separate schemas for each tenant. Isn’t it a solution? Can it work such a way? As I know PostgreSQL database can do it. Please give me your professional thoughts.

Hot Take: if you have a multi-tenant shared relational DB do not enforce FK. Have the keys but don't enforce them it will make your life so much better for splitting and changing data.

What is about Ai ?

Is “noisy neighbor” that big issue? I mean you can auto-scale instances (computing and database) in many cases.