Multi-tenant access control

Hi everyone,
I’m looking for best-practice guidance on enforcing SQL access restrictions per user in n8n, and specifically which n8n nodes should be used.
I have a client that consists of a group of companies, where each company has its own database, for example:
DB1 → Company 1
DB2 → Company 2
DB3 → Company 3
Users are domain users, and they are stored in the databases themselves (not normal application users).
Some users work for more than one company, so:
A single user may exist in multiple databases
Each user has different permissions per company
Users must only be able to see data from the companies they are allowed to access
I have a chatbot connected to all company databases through n8n, and the chatbot executes SQL queries based on user input.
What I’m trying to figure out is:
What is the best practice in n8n to enforce per-user SQL restrictions, and which nodes should be used to do this properly?

If n8n is connecting with one credential that can read everything and you’re executing model-generated SQL, then there’s no truly safe “check first” pattern inside n8n.

You can add checks, but the same credential can still run a query that bypasses them (by mistake or by the bot inventing SQL).

Ideally, you should use subworkflows as tools in your AI Agent. In these subworkflows, you should define a very specific set of SQL requests that your AI can send to the database. You can also include checks here before executing to make sure the user has the right permissions.


An alternative that could work is to use dynamic credentials for SQL tools. However, the user credentials would then be exposed in workflow execution data. If that’s not an issue, this can solve the problem in a much more efficient way.

You can create a credential using an expression that is parsed during the workflow execution. So right before executing the SQL query, you should have a node sending this JSON parameter.
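
The fixed-query subworkflow approach suggested earlier in the thread, sketched as the check such a subworkflow could run before handing a statement to the SQL node. This is an added example, not code from the thread or from n8n; the user names, grants, table and query names, and the `$1` placeholder style are all assumptions.

```javascript
// Constructed sample data; every name below is hypothetical.
// Company -> database, matching the DB1/DB2/DB3 layout in the question.
const COMPANY_DB = { company1: "DB1", company2: "DB2", company3: "DB3" };

// Per-user, per-company grants. In practice these come from the authenticated
// session and a permission store, never from the chat text or the model.
const GRANTS = {
  "CORP\\alice": { company1: ["invoices.read", "totals.read"], company2: ["invoices.read"] },
  "CORP\\bob": { company3: ["totals.read"] },
};

// The only statements the agent can trigger. The model selects a name and
// supplies values; it never supplies SQL text. The "$1" placeholder style is
// an assumption, use whatever your SQL node expects for bound parameters.
const QUERIES = {
  invoices_by_customer: {
    permission: "invoices.read",
    sql: "SELECT id, total, issued_at FROM invoices WHERE customer_id = $1",
    params: [{ name: "customerId", check: (v) => Number.isInteger(v) && v > 0 }],
  },
  invoice_total_by_year: {
    permission: "totals.read",
    sql: "SELECT SUM(total) AS total FROM invoices WHERE fiscal_year = $1",
    params: [{ name: "year", check: (v) => Number.isInteger(v) && v >= 2000 && v <= 2100 }],
  },
};

// Own-property lookup so keys like "constructor" or "__proto__" never match.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns { ok: true, database, sql, values } or { ok: false, reason }.
function resolveRequest(user, request) {
  const deny = (reason) => ({ ok: false, reason });
  const req = request && typeof request === "object" ? request : {};
  const args = req.args && typeof req.args === "object" ? req.args : {};
  if (typeof req.query !== "string" || !own(QUERIES, req.query)) return deny("unknown query");
  if (typeof req.company !== "string" || !own(COMPANY_DB, req.company)) return deny("unknown company");
  const grants = typeof user === "string" && own(GRANTS, user) ? GRANTS[user] : {};
  const perms = own(grants, req.company) ? grants[req.company] : [];
  const def = QUERIES[req.query];
  if (!perms.includes(def.permission)) return deny("not permitted");
  const values = [];
  for (const p of def.params) {
    if (!own(args, p.name) || !p.check(args[p.name])) return deny("bad parameter: " + p.name);
    values.push(args[p.name]);
  }
  return { ok: true, database: COMPANY_DB[req.company], sql: def.sql, values };
}
```

Only a result with `ok: true` should reach the SQL node, with `values` passed as bound parameters and `database` selecting the connection. This check limits what the workflow sends; it does not reduce what the shared credential itself is able to read.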