rbac-rls-must-enforce-at-query-execution-not-ui
Row-level security for Runwal Vantage (R-Same) must be enforced at the query-execution layer — not just in the UI layer — to prevent Sales, Finance, and Project data from leaking across functions. This is the single non-negotiable v1 requirement: a UI-only RLS that can be bypassed via API calls is not acceptable for internal enterprise data.
Related
- rls-at-query-execution-layer-enterprise-bi-non-negotiable
- vantage-rbac-rls-non-negotiable-v1-gate
- rbac-rls-at-query-execution-layer-is-non-negotiable-enterpri
- r-dash-rbac-rls-non-negotiable-v1-feature
- snowflake
- fernet-encryption-for-data-source-credentials
- refresh-token-rotation-must-be-atomic-same-transaction
- cube-query-uses-5min-hs256-jwt-with-security-context
- column-masks-reapplied-on-cached-results-defense-in-depth