question

it does get complicated once customers are allowed to hook up tools to it. If it's a fairly straightforward (small) schema, you might be able to grant them access via views that filter the data appropriately. Something to this effect could work: create view source_table_view as select src.* from source_table as src inner join security_table as sec on src.company_id = sec.company_id where sec.user_id = suser_sname() then hook up the analytic tools to the views. On the more complex side, I've seen one database per customer to ensure appropriate segregation of financial data. With this model, customers can hook up analytic tools to their database without concern that they might see another customer's data. The best practices tend to revolve around isolation of customer data, regulatory compliance and which approach works best with the way you architect and deliver your SaaS solution. Like with most best practices, I don't believe there is a blanket set of practices that can be described as 'best' across the board. With that being said, Microsoft, who have pretty deep experience with the SaaS model, have published *Design patterns for multitenant SaaS applications and Azure SQL Database*, which will probably have some great information to guide your own design decisions - [ https://azure.microsoft.com/en-us/documentation/articles/sql-database-design-patterns-multi-tenancy-saas-applications/][1] Despite its name, much of the pattern information in the article is platform agnostic, they just tie it in with Azure specific offerings. [1]: it+does+get+complicated+once+customers+are+allowed+to+hook+up+tools+to+it.++If+it's+a+fairly+straightforward+(small)+schema,+you+might+be+able+to+grant+them+access+via+views+that+filter+the+data+appropriately.++Something+to+this+effect+could+work:+++++create+view+source_table_view+++++as+++++++++select+src.*++++++++++from+source_table+as+src++++++++++inner+join+security_table+as+sec++++++++++++++on+src.company_id+=+sec.company_id++++++++++where+sec.user_id+=+suser_sname()++On+the+more+complex+side,+I've+seen+one+database+per+customer+to+ensure+appropriate+segregation+of+financial+data.++With+this+model,+customers+can+hook+up+analytic+tools+to+their+database+without+concern+that+they+might+see+another+customer's+data.++The+best+practices+tend+to+revolve+around+regulatory+compliance+and+which+approach+works+best+with+the+way+you+architect+and+deliver+your+SaaS+solution.++Like+with+most+best+practices,+I+don't+believe+there+is+a+blanket+set+of+practices+that+can+be+described+as+'best'+across+the+board.++With+that+being+said,+Microsoft,+who+have+pretty+deep+experience+with+the+SaaS+model,+have+published+Design+patterns+for+multitenant+SaaS+applications+and+Azure+SQL+Database,+which+will+probably+have+some+great+information+to+guide+your+own+design+decisions+-+ https://azure.microsoft.com/en-us/documentation/articles/sql-database-design-patterns-multi-tenancy-saas-applications/