tags:

views:

167

answers:

5
+1  Q: 

One schema for all or separation of Schema for each customer?

Lets say you build an application which needs to serve several customers (data is never shared between customers) and the customer data itself is sensitive.

How would you design the database to prevent that suddenly (e.g. a bug) data from one customer is visible to another?

E.g. We have a projects table which contains projects of a customer. Now we could chuck all projects (of all customers) into that table or create a schema for each customer.

I like the idea of schema separation (cause it would totally separate the data) but as I never did it i am not sure if this is a good approach (e.g. change of the schema would require the maintenance of all customer schemes).

Important: The application contains master data which is shared across all customers (e.g. customer accounts, settings, templates, etc.) as well. So another disadvantage what I expect would be the maintenance of multiple connections at the same time...

UPDATE: Would it be possible to replicate just the schema automatically?

A: 

I think that your idea of separating every customer out would be the best option. Your master data could be kept by itself and would be ok as long as Clients do not access that table (or at least access it often). The key would in the separation of all the Client's sensitive data, agreed that this would cause more work. But hey, that's what you get for expanding your business.

Suroot  2009-03-06 03:26:13
do you know if i could use replication for that somehow? is it possible to replicate the schema only?
Michal  2009-03-06 03:34:36
Well I think that your schema would be simple to replicate on multiple databases. The key would be reprogramming your code to use the different databases for each client.
Suroot  2009-03-06 03:57:03
A: 

With your requirements, separate customer DB schema's sound like a good idea. It'll be a bit of a headache, but not as much as a lawsuit.

sblundy  2009-03-06 03:26:23
A: 

You could instead create a single master table and have one view per customer. All queries would then go through this view, which would filter out everything outside of the relevant customer.

This makes maintenance easy since the views only define a single constraint (on the customer) and do not contain any other schema information.

Here's an example in MySQL (not the best DB for views, but hey)

CREATE VIEW projects.foocust AS SELECT * FROM projects WHERE customer = 'foocust';
rjh  2009-03-06 03:33:26
A: 

My advice would be to separate the data for each customer as much as possible. Using SQL Server I would store each customer's data in a separate database (you can have many separate databases in an instance of SQL Server). If you don't have that option, a schema could do something very similar.

Robert Lewis  2009-03-06 03:43:52
+1  A: 

To properly weight the option I think you need to analyze the quality of your application code. I have built many systems for huge customers that shared databases just fine where we never had any concern about cross-sharing data. If you have high quality code where the authorization logic is secure, then I would always use one schema; maintenance is so much easier that way

On the flip side. If you have cobbled together asp pages with no business object library with no standard and centralized authorization logic; then certainly use different databases with unique logins per customer.

DancesWithBamboo  2009-03-06 05:46:25
i think you got the point ... if its coded properly i dont want to have the overhead of maintaining more schemes. If the App gets bigger and run into security problems then we might switch.
Michal  2009-03-06 07:53:06

related questions

How do you determine how far to normalize a database?
Tips for database design in a web application
How do you deal with polymorphism in a database?
Database Patterns
Is it okay to have a lot of database views?
Extra tables or non-specific foreign keys?
Implementing a '20 Questions'-like Wizard in a Database
Database Design for Revisions?
Which database table Schema is more efficient?
How do you build a ratings implementation?
How should I model a field that can contain both numeric and string values in SQL Server 2005?
What if analysis on multi dimensional cubes (OLAP)
Data model for a extensible web form
Database Schema Diagram Design Tool
Good strategy for leaving an audit trail/change history for DB applications?
How do you recommend implementing tags or tagging
One database or many?
Suitable E-R notation for introductory DB design course? Good/free diagram tools?
What is the best strategy for retainment of large data sets?
Query a union table with fields as columns.
When is a file just a file?
Database triggers
What are the advantages of using a single database for EACH client?
Database, Table and Column Naming Conventions?
Auto Generate Database Diagram MySQL