SQLY provides robust security and access control mechanisms to manage user permissions, data privacy, and authentication.
SQLY allows assigning roles to users and restricting query execution based on permissions.
security:
grant:
role: analyst
privileges:
- select
on:
- tables: [sales_data, customer_info]This grants analysts read-only access to sales and customer data.
security:
grant:
role: admin
privileges:
- insert
- update
- delete
on:
- tables: [all]This allows only admins to modify data.
SQLY supports row-level security to enforce fine-grained access control.
security:
row_level_policy:
table: orders
filter:
user_id: current_user()This ensures users can only access their own orders.
Sensitive fields can be restricted at the column level.
security:
column_masking:
table: customer_info
columns:
- credit_card_number:
mask:
role: non_admin
type: partial
format: "XXXX-XXXX-XXXX-####"This masks credit card numbers for non-admin users.
SQLY supports encryption at rest and in transit to protect sensitive information.
security:
encryption:
table: user_profiles
columns: [email, phone_number]
type: AES-256This ensures that email and phone numbers are encrypted.
SQLY logs queries to track access and detect suspicious activity.
security:
audit:
enabled: true
log_queries: true
log_failed_attempts: trueThis enables logging of all queries and failed authentication attempts.
- RBAC controls user privileges.
- RLS enforces per-user access restrictions.
- Column masking protects sensitive fields.
- Encryption secures data at rest and in transit.
- Query auditing detects unauthorized access.