Governance#

Querona governs your data centrally: discovery, access control, lineage, data protection and auditing are built into the platform and applied consistently across every virtual database — and across every way the data is reached, whether over SQL, REST, GraphQL or a BI tool. A rule defined once holds for every consumer. And because Querona runs entirely on your own infrastructure, governed data — and the controls over it — never leave your environment.

Discover and catalog#

Every virtual database, schema, table, view and column lives in a single, searchable catalog, so people can find the data they need without knowing where it physically resides. You can search the catalog by name and organize objects with tags — a reusable business vocabulary — to classify them and make them easy to discover and group.

Data lineage#

Querona traces and maintains the metadata lineage of every object and its dependencies. Because the model is expressed as SQL views over virtual tables, the platform knows exactly which sources, tables and views each object draws from. Each object’s dependency graph can be examined graphically and searched, so you can answer “where does this number come from?” and “what is affected if I change this source?” before you make a change.

Access control#

Access is managed with users and roles and permissions — object-, schema- and database-level grants, plus row-level security that silently filters the rows a user may read based on their identity, group or role. Permissions are defined centrally and enforced by the engine on every query, so the same rules apply no matter which tool or endpoint a consumer uses. See Data Security.

Protect sensitive data#

Sensitive values can be protected without copying or altering the source. Dynamic data masking obscures values in the result stream — according to the calling identity — so unauthorized users see masked data while the stored data is untouched; transparent pseudonymization consistently replaces identifying values so data stays usable for analysis without exposing the originals. Data that Querona materializes on an untrusted system is encrypted automatically. See dynamic data masking and Data Security.

Audit#

Querona records activity for accountability: audit logs and statement history capture who did what, and when — which statements ran, under which identity, and against which objects — so access can be reviewed and reported on.

Data sovereignty#

Unlike cloud SaaS data platforms, Querona runs on infrastructure you control — on-premise, cloud or hybrid. Your data stays where it is, governance is enforced inside your own environment, and nothing is shipped to a third-party cloud — keeping you in control of data residency and compliance obligations.