On April 27, 2024, our Sign-in and Create Account options will be unavailable from 9am-12pm ET. During this maintenance window, developer account access and free trial registration will be unavailable.

Query as another user

Hi all,

I would like to make DQL queries with a technical user but the query should return only the results for which the particular (for example johndoe) user has write permission.

Let's suppose technical user has write permission on everything. We would not like to make this technical user a superuser and create sessions in the name of "johndoe".

Is it possible to emulate what is appended to the DQLs to select only those documents/folders? (in the background DQL enforces the ACL security, appends something in the where clauses when a non-superuser runs a query)

For example a "pseudo query" which is executed by tech-user:

SELECT * FROM dm_document d WHERE folder('/Example')  AND EXISTS (SELECT 1 FROM dm_acl WHERE object_name=d.acl_name and r_accessor_name='johndoe' and r_accessor_permit='WRITE')

The above obviously won't work in this form. Has anybody done something like that?

In DQLs there is "FOR WRITE" statement, but this is not good as the query is executed with tech user not the real user.