Securely accessing and processing data in a multi-tenant data store

What is claimed is: 1. A method for accessing data in a multi-tenant data store, comprising: receiving, from one or more approval users, an approval message that indicates granted access to data objects that are stored in the multi-tenant data store and owned by at least one tenant; querying the multi-tenant data store for tenant-specific paths that are associated with accessing the data objects indicated in the approval message; initializing one or more virtual computing engines for accessing the data objects indicated in the approval message, wherein each virtual computing engine of the one or more virtual computing engines corresponds to one or more tenant-specific paths for a single tenant of the at least one tenant, and wherein each virtual computing engine of the one or more virtual computing engines is associated with an access role that limits access to the data objects indicated in the approval message for the corresponding one or more tenant-specific paths; accessing, via the one or more virtual computing engines, the data objects indicated in the approval message to provide access to a requesting user according to the access role for each of the one or more virtual computing engines; and retrieving, by the one or more virtual computing engines, copies of the data objects from the multi-tenant data store based at least in part on the tenant-specific paths, wherein each virtual computing engine retrieves respective tenant-specific copies of the data objects corresponding to the single tenant. 2. The method of claim 1 , further comprising: identifying a number of tenants of the at least one tenant, wherein initializing the one or more virtual computing engines further comprises: initializing a number of virtual computing engines for accessing the data objects indicated in the approval message, wherein the number of virtual computing engines is equal to the identified number of tenants. 3. The method of claim 1 , further comprising: hosting, at the one or more virtual computing engines, the retrieved tenant-specific copies of the data objects, wherein each virtual computing engine separately hosts the respective tenant-specific copies of the data objects corresponding to the single tenant. 4. The method of claim 3 , further comprising: processing the copies of the data objects at the one or more virtual computing engines without modifying the data objects that are stored in the multi-tenant data store. 5. The method of claim 3 , further comprising: running the one or more virtual computing engines on a shared computing cluster. 6. The method of claim 3 , wherein the retrieved copies of the data objects correspond to one or more particular data types based at least in part on the access role for each of the one or more virtual computing engines. 7. The method of claim 1 , further comprising: determining one or more approval users associated with data objects for the at least one tenant, wherein the approval message is received from one or more user devices corresponding to the one or more approval users. 8. The method of claim 7 , further comprising: receiving, from a user device corresponding to the requesting user, an initial access request message comprising an indication of the data objects, an indication of the at least one tenant, or both; and transmitting, to the one or more user devices corresponding to the one or more approval users, an indication of the initial access request message, wherein receiving the approval message is based at least in part on the initial access request message. 9. The method of claim 8 , further comprising: authenticating the user device, the requesting user, or both using a username, a password, a personal identification number (PIN), a biometric input, a multi-factor authentication, or a combination thereof. 10. The method of claim 1 , further comprising: generating a temporary user profile based at least in part on the approval message, wherein the temporary user profile has access to one or more tenants of the at least one tenant; and transmitting, to a user device corresponding to the requesting user, a temporary token associated with the temporary user profile, wherein the user device may use the temporary token to access one or more data objects stored in the multi-tenant data store and owned by the one or more tenants. 11. The method of claim 10 , further comprising: identifying an indication to revoke the granted access to the data objects; revoking, from the user device corresponding to the requesting user, the temporary token associated with the temporary user profile; and deleting the temporary user profile. 12. The method of claim 1 , further comprising: identifying an indication to revoke the granted access to the data objects; terminating the one or more virtual computing engines for accessing the data objects; and revoking access to the data objects indicated in the approval message according to the access role. 13. The method of claim 1 , further comprising: identifying an expiration timestamp for accessing the data objects; determining that a current timestamp exceeds the identified expiration timestamp; and revoking access to the data objects indicated in the approval message based at least in part on the determining. 14. The method of claim 1 , wherein querying the multi-tenant data store for the tenant-specific paths comprises: transmitting a query message comprising tenant identifiers for the at least one tenant to a data lake associated with the multi-tenant data store, a metadata database associated with the multi-tenant data store, or a combination thereof. 15. The method of claim 1 , wherein: the approval message indicates one or more data object types corresponding to the data objects; and the tenant-specific paths are based at least in part on the one or more data object types. 16. The method of claim 1 , wherein the data objects are accessed using read-only permissions according to the access role for each of the one or more virtual computing engines. 17. The method of claim 1 , wherein the access role comprises an identity and access management (IAM) role. 18. The method of claim 1 , wherein the tenant-specific paths comprise tenant-specific path prefixes. 19. An apparatus for accessing data in a multi-tenant data store, comprising: a processor; memory in electronic communication with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: receive, from one or more approval users, an approval message that indicates granted access to data objects that are stored in the multi-tenant data store and owned by at least one tenant; query the multi-tenant data store for tenant-specific paths that are associated with accessing the data objects indicated in the approval message; initialize one or more virtual computing engines for accessing the data objects indicated in the approval message, wherein each virtual computing engine of the one or more virtual computing engines corresponds to one or more tenant-specific paths for a single tenant of the at least one tenant, and wherein each virtual computing engine of the one or more virtual computing engines is associated with an access role that limits access to the data objects indicated in the approval message for the corresponding one or more tenant-specific paths; access, via the one or more virtual computing engines, the data objects indicated in the approval message to provide access to a requesting user according t