Pass-through SQL for cloud customers?

[Cognos91]

Hi,
We are looking to implement data security for cloud customers to enable them to use pass-through SQL functionality (User Defined SQL).
We use a multi-tenanted database, and have currently locked down the feature for User Defined SQL for our cloud customers.
There is row level security implemented in the data model.
However, we are now exploring options to leverage User Defined SQL for our cloud customers. This means they will bypass the data model that secures the data per each tenant.

How do we implement data level security while enabling User-Defined SQL functionality for cloud customers?
Has anyone implemented this scenario?

Thanks,

[bus_pass_man]

Does this help answer your question?


https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.ca_mdlg.doc/t_ca_mdlg_secure_data.html

"Tables that are based on typed-in SQL bypass security filters. To avoid potential security risks, specify the ibmcognos.typeinsqldisabled property on the data server connection that your data module is based on. If an attempt is made to create an SQL-based table after this property is specified, the table is not created. If this property is specified after an SQL-based table was created, the query execution is stopped. For more information, see Cognos-specific connection parameters."