
Build a Secured Multi-Tenant Healthcare Application using Custom Property and User Context

Today, most SaaS products are multi-tenant applications that serve multiple customers (tenants) from a single, centrally administered architecture. These tenants can be groups within one organization or separate businesses, and all of their data is stored in the SaaS system. Keeping that data private and isolated from other tenants is critical in these deployment scenarios.

For this purpose, the tenant's data can be partitioned logically within a single database using shared/multiple schemas, or the data can be partitioned physically where each tenant has a separate database.

In this article, we'll show you how to logically and/or physically separate the tenant's data with Wyn Enterprise, using User Context attributes.

These attributes can be used to define the rules for dynamically restricting the data available to each tenant logged in to the same portal. User contexts can be used either to provide row-level data security in a document or database-level security for a data source. They act as an additional layer of data security, extending the role-based security that is built into Wyn Enterprise.

Multi-tenant Applications for the Healthcare Industry

Personally Identifiable Information (PII) is especially important to the healthcare industry. Suppose the Health Information and Management System (HIMS) of a hospital chooses to store its data in different databases, providing authorized access to certain user groups.

There may be databases:

  • For the different healthcare departments in the hospital (Neurology, Cardiology, Oncology, etc.). Each of these departments gives doctors authorized access to see the history of the patients they treated.

  • With patient treatment histories.

For this blog, let's name the former set of databases based on the department names: "Neurology," "Cardiology," and the latter one as "Patients."

The individual tenants accessing their specific data in the Wyn Security Layer are as follows:

  • Tenants John and Fred are patients and want to view their treatment history from the "Patient" database.
  • Tenant Smith is a doctor and wants to see the data of the patients he has treated from the "Neurology" database.
  • Tenant Marcus is another doctor and wants to see the data of the patients he has treated from the "Cardiology" database.

The patients, John and Fred, are trying to access the same database. We need a User Context that can be used to filter the respective rows for them. The doctors, Smith and Marcus, are trying to access the isolated databases for their departments. We need a User Context here that can identify the department as well as the patients they have treated.

The User Contexts for the defined scenario can be as follows:

  • Department: Patient, Neurology, Cardiology
  • PatientID
  • DoctorID

Let's see how we can define these User Contexts in Wyn Enterprise.

User contexts are related to a user. First, we need a Custom Property to store information about users. It can be added to user profiles from the Custom Property page in the Admin Portal. Once we have the user properties defined, we can map them to the user contexts we will use by making sure they are present in the Claims list of the User Contexts page.

You can follow the documentation to see in detail how you can create a custom property and add a claim for the user context in Wyn Enterprise.

For this blog, we created the custom properties based on the user contexts identified above — Department, PatientID, DoctorID as shown below:

While Department has predefined available values for the different departments in the hospital, PatientID and DoctorID have no available values because they will be unique for each user (the patients and doctors).

When you create a Custom Property, the claim is automatically created on the "User Context" page as shown below. This claim name is used to map the user context to the custom property for dynamic filtering in a document.

Note: On the "User Context" page, you also see some default user contexts like First Name, Last Name, Email, etc.

Now, the User Contexts that we mapped to the user's custom properties are available while creating users as shown below:

The next step is to add the users. Refer to our user documentation to add a new user to Wyn Enterprise.

We created the users for the scenario in this blog with the defined user contexts as shown below:

When you are ready with the User Context and users for your system, let's see where and how you can use them.

User contexts can be used on the Document or Resource Portal in several places: as a parameter value in Schedules, in parametric filters in Shared DataSets, in a DataSource connection string, as a security filter in a semantic model, in the SQL query of embedded datasets in WynReports, as a parameter or filter in WynReports, etc. The syntax for using the user context attribute differs between the Wyn Enterprise plugins.

It can be used:

  • As an expression: "UserContext.GetValue("<claimName>")" in WynReports. You can define a filter on a Table control in WynReports using a user context expression, as shown below:

As you can see, User Context can be applied to any document in Wyn Enterprise to achieve multi-tenancy in your system. You can also use it with the users in your Active Directory (using Security Providers).
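The isolation pattern described above, as an added example (a Python model, not Wyn Enterprise code or its API): the Department context selects the database, and PatientID or DoctorID filters the rows. The IDs, table layout and sample rows are constructed; a missing or unknown context value is denied rather than treated as "no filter".

```python
import sqlite3

# Constructed sample rows modelled on the article's scenario (not real records).
DATABASES = {
    "Patient": [("P1", "D1", "Migraine follow-up"), ("P2", "D2", "ECG review")],
    "Neurology": [("P1", "D1", "MRI scan"), ("P3", "D9", "EEG")],
    "Cardiology": [("P2", "D2", "Stress test"), ("P4", "D8", "Angiogram")],
}
# Allow-list: which user context filters rows in each department's database.
ROW_FILTER = {"Patient": "PatientID", "Neurology": "DoctorID", "Cardiology": "DoctorID"}
COLUMN = {"PatientID": "patient_id", "DoctorID": "doctor_id"}

USERS = {  # hypothetical user-context values for the article's four tenants
    "John": {"Department": "Patient", "PatientID": "P1"},
    "Fred": {"Department": "Patient", "PatientID": "P2"},
    "Smith": {"Department": "Neurology", "DoctorID": "D1"},
    "Marcus": {"Department": "Cardiology", "DoctorID": "D2"},
}

def open_db(name):
    """Stand-in for a physically separate per-department database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE treatments (patient_id TEXT, doctor_id TEXT, note TEXT)")
    conn.executemany("INSERT INTO treatments VALUES (?, ?, ?)", DATABASES[name])
    return conn

def visible_rows(user_context):
    """Return only the rows this tenant's user context entitles them to see."""
    dept = user_context.get("Department")
    if dept not in ROW_FILTER:           # unknown or missing department: deny
        raise PermissionError("no database for Department context")
    claim = ROW_FILTER[dept]
    value = user_context.get(claim)
    if not value:                        # an empty context must never mean "no filter"
        raise PermissionError(f"missing {claim} context")
    conn = open_db(dept)
    try:
        # Column name comes from the fixed allow-list; the context value is bound
        # as a parameter so it is always treated as data, never as SQL text.
        sql = f"SELECT patient_id, doctor_id, note FROM treatments WHERE {COLUMN[claim]} = ?"
        return conn.execute(sql, (value,)).fetchall()
    finally:
        conn.close()

if __name__ == "__main__":
    for name, ctx in USERS.items():
        print(name, visible_rows(ctx))
```
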

Empower Teams with Ad Hoc Reporting and Self-service Analytics

Provide your team with a unified, enterprise-level, self-service data analysis and decision support platform. Wyn Enterprise is a web-based BI and data analytics platform that provides greater insight into your data.

Wyn offers built-in tools for report and dashboard creation, data governance, security integration, embedded BI, automated document distribution, and a business-user friendly interface for self-service business intelligence.

Wyn's easy-to-use designers allow non-technical business users to build interactive dashboards with drill-down and cross-filter functionality quickly.

Users can independently create ad-hoc reports to visualize data and obtain meaningful insights from their reports.

About the author

Paarisha Rana

As a software engineer, Paarisha enjoys GrapeCity's environment of encouragement and learning. She enjoys reading, aerobics, travelling, and exploring historical places. Paarisha graduated from Uttar Pradesh Technical University (UPTU) at Lucknow (India) with a Bachelor's of Technology in Information Technology, and you can find her on LinkedIn.