Hi sonyvl!
Trying to enforce data access by adding conditions to a query at runtime isn’t going to give you the security they’re probably looking for since the queries are assembled in the browser. If you want to enforce data access restrictions that needs to be done in the data source.
In open source Grafana you’d need to use a separate orgs or a completely separate instance for each user with its own datasource defined that uses a dedicated database user account with access to just the data the user should be able to see (if the user should only be able to see certain rows then that would be done by creating a view that includes only those rows and not allowing the user access to the underlying table directly). In enterprise you can do the grafana part of restricting users to specific datasources via datasource permissions, rather than needing to use a separate org or instance. Unfortunately, this kind of access control is problematic in grafana today.