We want to give some of our users permission to read whatever they want from the database, so we’re interested: is there any SQL dialect that supports only the SELECT, WHERE and JOIN operators?
We want to use it like this:
from django.db import models

# Users is the model whose table the rule is run against (defined elsewhere in the project).
from users.models import Users


class MyModelWithSQLRule(models.Model):
    sql_rule = models.TextField()

    def what_data_i_will_get(self):
        """
        Here we must get an exception on an attempt at a query like
        DELETE * FROM users_users; SELECT id FROM users_users;
        """
        # select_only_parser is the hoped-for parser: it should accept the
        # read-only subset of SQL and raise on anything else.
        parsed_sql_rule = select_only_parser(self.sql_rule)
        return Users.objects.raw(parsed_sql_rule)
It’s not about the database engine. I want a language that is a sub-family of SQL but doesn’t have dangerous words like DELETE.
Based on what you’ve said, the answer is No.
What you could do is have two connection strings for your database, one which is set at the DB level to be read-only, the other a read/write connection string; then you just need to construct a database session context with the appropriate connection string. This gives you a level of perceived security at your application level, but ultimately it still relies on the DB, as errors will be thrown from there.
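The two-connection approach from this answer, as an added example that is not from the original post: a read-only connection and a read/write connection to the same database, with the engine itself rejecting writes on the read-only one. It uses SQLite's mode=ro as a stand-in for a read-only database role (in Django the two connections would be two DATABASES aliases selected with .using()); the schema and rows are constructed for the demo.

```python
import os
import sqlite3
import tempfile


def build_sample_db(path):
    # Constructed sample table standing in for the real users_users table.
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE users_users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users_users (name) VALUES (?)",
                     [("alice",), ("bob",)])
    conn.commit()
    conn.close()


def open_readonly(path):
    # mode=ro is enforced by the SQLite engine: every write statement raises
    # OperationalError no matter what text the application passes through.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def open_readwrite(path):
    return sqlite3.connect(path)


def run_rule(conn, sql_rule):
    """Run a user-supplied rule; return ('ok', rows) or ('rejected', message)."""
    try:
        rows = conn.execute(sql_rule).fetchall()
        conn.commit()
        return ("ok", rows)
    except sqlite3.OperationalError as exc:
        # The rejection comes from the database, not from keyword filtering.
        return ("rejected", str(exc))


def demo():
    path = os.path.join(tempfile.mkdtemp(), "app.sqlite3")
    build_sample_db(path)
    ro, rw = open_readonly(path), open_readwrite(path)
    results = {
        "select_on_readonly": run_rule(ro, "SELECT id FROM users_users"),
        "delete_on_readonly": run_rule(ro, "DELETE FROM users_users"),
        "delete_on_readwrite": run_rule(rw, "DELETE FROM users_users"),
    }
    ro.close()
    rw.close()
    return results
```

Note that a read-only connection only stops writes; it still lets the user SELECT from every table the role can see, so table-level grants remain the control for what they may read.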