Database Security is a concern. The Tenant information should not be accessible to just anyone. And they would like to keep the financial information internal, and not let outsiders or other companies see the details of their operation.
1. Create tables of the data access needs of your users.
2. Create a security plan that includes authentication and authorization and general policies and procedures. Consider the use of roles, stored procedures, views, and other tools.
3. Create a preliminary threat analysis.
4. Make a preliminary disaster management plan.
5. Create a view of the data that is tailored to the needs of one of your uses.