Query Engine Security Overview
The Query Engine implements a multi-layered security model that enforces access control at the query level. Security features include row-level security (RLS) for fine-grained data access, dynamic data masking for sensitive columns, and comprehensive audit logging of all masking operations.
Security Layers
| Layer | Component | Description |
|---|---|---|
| Authentication | JwtAuthenticationFilter | Validates JWT tokens and extracts user context |
| Authorization | SecurityConfig | Role-based endpoint access control |
| Row-Level Security | RLS Engine | Injects tenant and role-based WHERE clauses |
| Data Masking | QueryResultMaskingService | Masks sensitive columns in query results |
| Audit | MaskingAuditService | Logs all masking operations |
Authentication Flow
Every query request passes through the JWT authentication filter:
- Extract the `Bearer` token from the `Authorization` header
- Validate the token signature and expiration
- Extract tenant ID, user ID, and roles from the token claims
- Set the `SecurityContext` for downstream components
The SecurityUtils class provides static methods to access the current tenant and user context:
```java
UUID tenantId = SecurityUtils.getCurrentTenantId();
UUID userId = SecurityUtils.getCurrentUserId();
```
Tenant Isolation
All queries are automatically scoped to the requesting tenant. The query engine:
- Validates that the referenced catalogs and schemas belong to the tenant
- Injects tenant-scoped predicates into queries
- Prevents cross-tenant data access at the engine level
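The following is an added example, not the project's own code, showing how the thread-bound tenant context from the authentication flow above feeds the tenant-isolation step: the query engine checks that the referenced catalog belongs to the current tenant and ANDs a bound `tenant_id` predicate onto the query. The `CURRENT_TENANT` holder, the `CATALOG_OWNER` registry, the `scope` method and the structured query shape are all assumptions for illustration.

```java
import java.util.*;

// Added example, not the project's code. CURRENT_TENANT stands in for the page's
// SecurityContext / SecurityUtils pair; CATALOG_OWNER is a hypothetical ownership lookup.
public class TenantScopingExample {
    static final ThreadLocal<UUID> CURRENT_TENANT = new ThreadLocal<>();

    // Fails closed: no authenticated tenant means no query may be scoped.
    static UUID getCurrentTenantId() {
        UUID id = CURRENT_TENANT.get();
        if (id == null) throw new IllegalStateException("no authenticated tenant in context");
        return id;
    }

    // Hypothetical registry: catalog name -> owning tenant.
    static final Map<String, UUID> CATALOG_OWNER = new HashMap<>();

    // Rewritten SQL plus the values to bind; the tenant id is never inlined as text.
    record ScopedQuery(String sql, List<Object> params) {}

    // userWhere is assumed to be a filter the engine has already parsed and validated.
    static ScopedQuery scope(String catalog, String table, String userWhere) {
        UUID tenant = getCurrentTenantId();
        // Reject catalogs the tenant does not own before any SQL is built.
        if (!tenant.equals(CATALOG_OWNER.get(catalog)))
            throw new SecurityException("catalog not owned by tenant: " + catalog);
        // Parenthesize the user filter so an OR inside it cannot widen the tenant predicate.
        String where = "tenant_id = ?";
        if (userWhere != null && !userWhere.isBlank()) where += " AND (" + userWhere + ")";
        return new ScopedQuery("SELECT * FROM " + catalog + "." + table + " WHERE " + where,
                               List.of(tenant));
    }

    public static void main(String[] args) {
        UUID acme = UUID.randomUUID(), other = UUID.randomUUID();   // constructed tenants
        CATALOG_OWNER.put("acme_sales", acme);
        CATALOG_OWNER.put("other_hr", other);
        CURRENT_TENANT.set(acme);
        System.out.println(scope("acme_sales", "orders", "status = 'open' OR priority > 3").sql());
        try {
            scope("other_hr", "salaries", null);   // cross-tenant reference: must be blocked
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        CURRENT_TENANT.remove();   // always clear the thread-bound context after the request
    }
}
```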
Section Pages
| Page | Description |
|---|---|
| Row-Level Security | Dynamic WHERE clause injection based on user roles |
| Data Masking | Sensitive column masking in query results |
| Masking Audit | Audit logging for all masking operations |