How we give every user SQL access to a shared ClickHouse cluster

How do you let users write arbitrary SQL against a shared multi-tenant analytical database without exposing other tenants' data or letting a rogue query take down the cluster? That's the problem we needed to solve for Query & Dashboards . The answer is TRQL (Trigger Query Language), a SQL-style language that compiles to secure, tenant-isolated ClickHouse queries. Users write familiar SQL. TRQL handles the security, the abstraction, and the translation. This post is a deep dive into how it all works. We'll cover the language design, the compilation pipeline, the schema system, and the features that make TRQL more than just a SQL passthrough. Why build a DSL? A DSL (domain-specific language) is a language designed for a particular problem domain. CSS is a DSL for styling. SQL is a DSL for querying databases. TRQL is a DSL for querying Trigger.dev data. We could have exposed raw ClickHouse SQL directly. But there are three reasons we didn't: 1. The language itself is a security boundary.

How we give every user SQL access to a shared ClickHouse cluster

Related Articles

Talent gets the spotlight. Discipline builds the legacy.

Coding in the Age of Co-Pilots: Why Developers Who Think Will Win

Two more EVs for the trash heap: Volvo EX30 and Honda Prologue

Building Your First Interactive Flutter App (Dicee)

80% of ML Engineering is Data Cleaning. Here is How I Automated It.

Related Articles

How-To
Talent gets the spotlight. Discipline builds the legacy.
Medium Programming • 35m ago

How-To
Coding in the Age of Co-Pilots: Why Developers Who Think Will Win
Medium Programming • 2h ago

How-To
Two more EVs for the trash heap: Volvo EX30 and Honda Prologue
The Verge • 2h ago

How-To
Building Your First Interactive Flutter App (Dicee)
Medium Programming • 2h ago

How-To
80% of ML Engineering is Data Cleaning. Here is How I Automated It.
Medium Programming • 2h ago