Say I have an SQL database and I want to query it from a frontend/app. But I need to assume a malicious actor, so I need fine granular control over what is queried and I want to check if the query is valid for whoever submits it. Are there any good solutions that are less powerful than just having pure SQL (which is super hard to check) but more powerful than, say, graphql?

Something like cube.js (cube.dev) seems to come close, but I wonder what other options are there