Every organization has data it cannot show to everyone. Finance sees salaries; sales sees pipeline; HR sees employee records. EQQ handles this cleanly with roles that scope who can see which query against which database.

The model in one sentence

Permissions attach to roles, roles attach to users, and every query lives inside a database scope. Effective access is the intersection.

Security → Roles - fine-grained permission grid per role.
Security → Roles - fine-grained permission grid per role.

Set up a read-only finance role

  1. Security → Roles → New. Name it Finance Query User.
  2. Grant Use Queries permission on the Finance database scope.
  3. Do not grant Manage Queries, Manage Views, or Settings.
  4. Assign the role to the users under Security → Users.

Those users will see only the queries you have explicitly marked available to Finance Query User. They have no path to the designer, no path to the admin pages, no path to other databases.

Principle: deny by default

EQQ ships with zero default role assignments. A new user can sign in and see nothing until a security admin grants them a role. This flips the usual “lock things down after the fact” pattern on its head - you open things up deliberately, one role at a time.

Auditing

Every query execution is logged with user, query name, parameters, and timestamp. The audit trail is queryable like any other data source.

Want to see it live? Book a 30-minute demo - we connect EQQ to your database and build a query with you. Book a Demo →