rbac-rls-at-query-execution-layer-is-non-negotiable-enterprise-gate
For internal enterprise analytics platforms handling multi-function data (Sales, Finance, HR, Projects), row-level security must be enforced at the query execution layer — not at the UI or API layer — so data cannot leak even if a dashboard is shared or a URL is guessed. For the Runwal Vantage v1, this is the single feature whose absence constitutes failure. Architecture decisions about Redash fork must ensure RLS is wired into the query runner pipeline, not post-processed.
Related
- salesforce
- docker
- 2026-04-04-oracle-001-self-architecture-analysis
- redash-query-runner-extensibility-is-primary-integration-poi
- tableau
- runwal-vantage-project-scope-canonical-reference
- redash-query-runner-extensibility-pattern
- rls-at-query-execution-layer-enterprise-bi-non-negotiable
- redash-monorepo-fork-baseline-topology
- vantage-snowflake-only-single-source-architecture
- vantage-rbac-rls-non-negotiable-v1-gate
- cube-js-chosen-as-semantic-layer-between-snowflake-and-query
- r-dash-rbac-rls-non-negotiable-v1-feature
- rbac-rls-must-enforce-at-query-execution-not-ui
- fernet-encryption-for-data-source-credentials
- cube-query-uses-5min-hs256-jwt-with-security-context
- column-masks-reapplied-on-cached-results-defense-in-depth
- column-mask-reapply-on-cached-results