Using ReTool as a SaaS platform?

Hey Retool community! :grinning:

We are looking into building an app in ReTool where multiple organizations/businesses can log in. I would like each business to only see the data in the database connected to their firm. I.e. upon login, Business A will see only their products in Table 1, but when Business B is logged in, they will only see products for their business in Table 1, etc.

Is this possible to achieve in Retool? I have seen some previous discussion on using Retool for SaaS platforms, but I couldn't quite figure out if Retool is a good choice for this or not.

Thanks in advance! :smiley:

Has anyone here created a SaaS platform using Retool and can share their experiences and thoughts? :grinning:

Hello Molly!

Great question indeed. I wondered this myself and ended up with a solution that works for me. It all comes down to how to separate the different tenants’ data that is being served to your application.

I opted to use Supabase PostgreSQL instead of Retool Database. The reason for this is that Supabase makes it possible to implement “Row Level Security”, which means that you can limit the visibility of the data using policies that you can set up in the Supabase database.

However, instead of setting up RLS, I opted to go for the following setup:

  • I have an “organizations” table which defines a UUID and a name for each of my customer organizations.
  • In addition, I have a “users” table that links the Retool users (sid and email address) to one of the organizations using a foreign key relationship.
  • Each of the tables in my database, e.g., “products”, also has a foreign key relationship to the “organizations” table. Essentially each row in the table belongs to one organization or another.
  • When a user from an organization makes a request, I use PostgreSQL functions to return the results. An example could be the “get_all_products” function, which requires the user’s sid and email address as input parameters from Retool. The tough part is to set up the database function properly. First, the function is responsible for making sure this user matches an entry in the “users” table, after which the function will use the organization_id of the found user to perform a “SELECT * FROM products WHERE organization_id = user_organization_id” query.

The above setup makes it possible to save all product data of different tenant organizations in the same table, and the functions always make sure the query returns the data that the user is authorized to see. I never run plain SQL queries and I have decided to always rely on the carefully crafted functions. This way I can keep my Retool queries “clean” and hide away the complexity of making sure the query returns the proper data.

I have found the following setup works quite well, granted that you are extra careful with the functions or queries you make.

Best of luck and never forget to carefully test your implementation!
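
A sketch of the setup described in the reply above, added here as an example; it is not the poster's own code. Column names, the `retool_app` role and the error handling are assumptions, and `gen_random_uuid()` assumes PostgreSQL 13 or later.

```sql
CREATE TABLE organizations (
    id   uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    name text NOT NULL
);

CREATE TABLE users (
    sid             text PRIMARY KEY,   -- Retool user sid
    email           text NOT NULL UNIQUE,
    organization_id uuid NOT NULL REFERENCES organizations (id)
);

CREATE TABLE products (
    id              bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    organization_id uuid NOT NULL REFERENCES organizations (id),
    name            text NOT NULL
);

-- Resolve the caller to an organization, then return only that tenant's rows.
-- The function trusts p_sid/p_email as given: the assumption is that the
-- Retool query fills them from the logged-in user, not from an editable input.
CREATE FUNCTION get_all_products(p_sid text, p_email text)
RETURNS SETOF products
LANGUAGE plpgsql
STABLE
SECURITY DEFINER                      -- runs with the table owner's rights
SET search_path = public, pg_temp     -- pin name resolution inside the function
AS $$
DECLARE
    v_org uuid;
BEGIN
    SELECT u.organization_id INTO v_org
    FROM users u
    WHERE u.sid = p_sid AND lower(u.email) = lower(p_email);

    IF v_org IS NULL THEN             -- no matching user: fail closed
        RAISE EXCEPTION 'unknown user' USING ERRCODE = 'insufficient_privilege';
    END IF;

    RETURN QUERY
        SELECT p.* FROM products p WHERE p.organization_id = v_org;
END;
$$;

-- Hypothetical role for the Retool resource: no table access, function only.
CREATE ROLE retool_app;
REVOKE ALL ON organizations, users, products FROM PUBLIC, retool_app;
REVOKE EXECUTE ON FUNCTION get_all_products(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION get_all_products(text, text) TO retool_app;
```

With the table grants revoked, a query that bypasses the function fails with a permission error instead of returning another tenant's rows, which makes a missed filter visible during testing.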

Hey Ilmari! Thank you so much for the detailed answers, I really appreciate it! :blush: This helps me a lot when starting to implement my own SaaS solution. :nerd_face:


Just as an addendum here, it is possible to implement Row Level Security in Retool as well. Just an option while you explore what will work best for you!
