On Mon, Jan 18, 2016 at 10:27 PM, David Barrett <dbarrett at expensify.com> wrote:
> One use of this I would like is to create a security framework around > arbitrary SQL queries from the user. So, for example, I'd love to > determine which tables (and which columns of those tables) a particular > query is going to access, and then compare that list against a whitelist of > columns the user is authorized to access. You shouldn't use the parser interface for access control, you should use the authorizer interface. -scott
