Skip to main content

Custom Reports

Overview

Custom Reports enable tailored analytics integration by embedding Metabase dashboards/questions into client portals. This guide covers secure implementation of parameterized reports while maintaining data isolation between clients.

Who is this for: Solutions Architects, DevOps Engineers, Client Success Teams When to use: Client requests for specialized metrics, multi-tenant analytics, regulatory/compliance reporting

Prerequisites

  1. Create a Metabase dashboard/question (if not already done)
  2. Enable embedding for the dashboard — Metabase docs
Security

Ensure that editable parameters do NOT include appId/clientId or anything that can be used to access other client's data.

  1. Add editable/locked parameters — Metabase parameter docs
  2. Create an MR in hv-central-config:
    • Use questionId for questions, dashboardId for dashboards
    • Specify lockedParams for locked parameters
    • Specify appearanceParams for appearance customization
warning

After config changes, it takes at least 15 minutes for changes to take effect.

Step-by-Step Guide

1. Dashboard Creation

  1. Design Metabase Question/Dashboard using query builder or SQL editor
  2. Implement row-level security:
    WHERE client_id = {{clientId}}
  3. Configure visualizations (chart types, drill-through)

2. Embedding Setup

  1. Enable Static Embedding: Admin Settings → Embedding → Enable
  2. Lock sensitive params:
    "lockedParams": {"client_id": "CLIENT123"}
  3. Set editable params:
    "editableParams": ["date_range"]

3. Deployment Configuration

Update hv-central-config:

customReports:
- name: "Client Health Report"
questionId: 45
lockedParams:
client_id: "{{clientId}}"
appearanceParams:
bordered: true
titled: false

Security validation:

  • Test parameter injection scenarios
  • Verify JWT token expiration (recommended 10 min)

Security Architecture

graph LR
A[Client Request] --> B{JWT Validation}
B -->|Valid| C[Param Injection]
C --> D[Metabase Query]
D --> E[(Database)]
  • Session-bound tokens prevent URL tampering
  • Sandboxed database connections per client

FAQs

Q: Why 15-minute deployment delay? A: Infrastructure refresh cycle for config propagation.

Q: Handling multiple client timezones? A: Set report_timezone parameter in Metabase config.

Additional Resources

Was this helpful?
Ask AI

Ask anything about the internal documentation

AI answers are based on internal documentation. Verify critical information.