Vela Access brings a new approach to access control, applying RBAC directly to SQL. It works with AI-generated queries, needs no code changes, and complements your database’s built-in security. Secure your data without slowing down development.
Hi, my name is Huss, an engineer at Ensemble Technologies. We've been using LLMs extensively in our new product, and one of the key challenges we've faced is implementing access control on top of free-form SQL queries generated by LLMs.
We searched for a role-based access control (RBAC) solution for our AI-powered services, but most options were too programming-centric and lacked the flexibility we needed. PostgreSQL's built-in security is great for protecting data, but it's difficult to integrate and comes with limitations we couldn't work around.
So, we built our own system. It parses SQL and applies RBAC rules directly to the query. The result has outperformed the other solutions we've tested so far, though there's still plenty of room for improvement.
We understand some may argue that sticking with Postgres's native security is the safer path, it's proven and solid. But parsing SQL and analyzing syntax trees is doable. After all, your DBMS parses complex queries and optimizes them with ease. Our use case is just a very small subset of that.
To be clear, we wanted to use Postgres's built-in tools. But in our case, and likely for others, they just didn't fit. That's why we built this as a standalone service, and we're excited to share it.
We started this project just a month and two weeks ago, so there are definitely bugs and missing features. But we'd love to hear what you think about the idea. Your feedback will help shape the product and move it closer to where we want it to be - the access control for the AI era. :)
