Security of multi-tenancy with SQL datasource

We were planning to use Grafana to give external organisations access to some dashboards which would use an SQL datasource, but our brief investigation showed that it would be completely insecure, since apparently in the case of SQL Grafana’s frontend just sends the raw SQL query to the backend, so once a user is authenticated he can just issue any SQL query to the same backend to get any data from the DB.

I might be wrong about it so I just wanted to confirm if this is indeed the case.

Normally, for a secure solution, SQL would never leave the backend (it would be stored there), with the frontend being able to only call predefined stored SQL, but it looks like this isn’t the case for Grafana.
Maybe the situation is different for other data sources, but it seems that SQL + multi-tenancy = insecure solution, at least for now, if I am not mistaken.

Hi eduardsergeev,

That’s right, once the user is logged in they can edit the query and obtain other data; I tested with PostgreSQL and MySQL.
But you can harden this if you only give access to a stored procedure, and from this procedure you control the logic of your query.

you can harden this if you only give access to stored procedure, and from this procedure you control the logic of your query

Indeed, this would somewhat restrict the access, but since it is a multi-tenant setup, the tenant ID would need to be passed to the stored procedure, which can easily be replaced by the malicious (authenticated) user. The only way to make it secure is to define stored procedures per tenant, which is rather impractical.
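
The three designs discussed in this thread, as an added example that is not part of the original posts and is not Grafana's code: a backend that accepts raw SQL from an authenticated client, a stored query that takes the tenant ID as a client parameter, and a stored query whose tenant ID is bound from the server-side session. The `SESSIONS` table, the `metrics` schema, the function names and the sample rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: two tenants sharing one table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE metrics (tenant_id TEXT, name TEXT, value REAL)")
    db.executemany("INSERT INTO metrics VALUES (?, ?, ?)", [
        ("acme", "cpu", 0.42), ("acme", "mem", 0.77), ("globex", "cpu", 0.13)])
    return db

# Hypothetical session store: token -> tenant, written by the backend at login.
SESSIONS = {"token-acme": "acme", "token-globex": "globex"}

# Predefined queries kept on the backend; the client can only name one.
STORED = {"all_metrics":
          "SELECT name, value FROM metrics WHERE tenant_id = :tenant ORDER BY name"}

def tenant_of(token):
    # Authentication check shared by all three models.
    if token not in SESSIONS:
        raise PermissionError("not authenticated")
    return SESSIONS[token]

def raw_passthrough(db, token, sql):
    # Model 1: the authenticated client supplies the SQL text itself.
    tenant_of(token)
    return db.execute(sql).fetchall()

def stored_with_client_tenant(db, token, query_name, tenant):
    # Model 2: stored query, but the tenant ID is a client-supplied parameter.
    tenant_of(token)
    return db.execute(STORED[query_name], {"tenant": tenant}).fetchall()

def stored_with_session_tenant(db, token, query_name):
    # Model 3: stored query, tenant ID comes only from the server-side session.
    return db.execute(STORED[query_name], {"tenant": tenant_of(token)}).fetchall()

def demo():
    # Every call is made with acme's token; only model 3 stays inside acme's rows.
    db = make_db()
    return {
        "raw": raw_passthrough(db, "token-acme",
            "SELECT tenant_id, name FROM metrics WHERE tenant_id = 'globex'"),
        "client_param": stored_with_client_tenant(db, "token-acme", "all_metrics", "globex"),
        "session_bound": stored_with_session_tenant(db, "token-acme", "all_metrics"),
    }

if __name__ == "__main__":
    for model, rows in demo().items():
        print(model, rows)
```

Whether a given deployment can bind the tenant on the server side depends on the product in front of the database; the model only shows that authentication alone does not scope the rows a query returns.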