Architectural question


We are using Matomo for analytics. This data ends up in MySQL organized by a siteId, which identifies our customer. E.g. each hit, visit, action etc is stored in one massive table with a siteId column.

We are considering a move to Metabase for our reporting platform since Matomo has pretty limited reporting capabilities.

One requirement is to create a dashboard for each customer that we can embed in our application.

In order to filter the data by customer, should this be a parameter passed by our software to the embedded dashboard? Are there any risks that the end user could modify this parameter?

If we allow users to design their own Questions, is there a way we can prevent them from looking at any data other that where that siteId = their siteId ?


Locked parameters should do the trick for the embedding part:

Regarding allowing customers to design their own questions, the option you have is Full-App Embedding:

Full-app embedding.

This is a paid feature and will allow you to sandbox the customers to access data that is only visible to them