But DB roles aren't case-specific. Someone with access to personal records should only be able to query relevant and legal information about the current case at hand. This requires oversight.
One of the very few good reasons for in-database logic, such as views and stored procedures, is rule enforcement - this allows queries to return only the data you are authorized to see. Doing this across multiple databases in multiple organizations is challenging, but, where I live, we all went through that with GDPR and we are quite good at preventing unauthorized access.
In the end, it feels like nobody (and nothing) can see the whole dataset.
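
An illustration of the case-scoped, in-database rule enforcement discussed above, added here as an example and not code from the thread: a PostgreSQL stored function that returns person records only for a case the calling login is currently assigned to, and logs every call for oversight. All table, role and function names are hypothetical.

```sql
-- Constructed schema; every table, role and function name here is hypothetical.
CREATE ROLE caseworkers NOLOGIN;

CREATE TABLE person_records (
    person_id  integer PRIMARY KEY,
    full_name  text NOT NULL,
    address    text
);
CREATE TABLE case_subjects (           -- which persons belong to which case
    case_id    integer NOT NULL,
    person_id  integer NOT NULL REFERENCES person_records,
    PRIMARY KEY (case_id, person_id)
);
CREATE TABLE case_assignments (        -- which login role works which case
    case_id     integer NOT NULL,
    officer     name    NOT NULL,
    valid_until date    NOT NULL,
    PRIMARY KEY (case_id, officer)
);
CREATE TABLE access_log (              -- oversight trail, one row per call
    at         timestamptz NOT NULL DEFAULT now(),
    officer    name        NOT NULL,
    case_id    integer     NOT NULL,
    rows_seen  integer     NOT NULL
);

-- Caseworkers get no direct table access (stated explicitly for clarity).
REVOKE ALL ON person_records, case_subjects, case_assignments, access_log FROM PUBLIC;

-- Runs with the owner's rights, so it filters on session_user (the real login),
-- not current_user (which is the function owner inside SECURITY DEFINER).
CREATE FUNCTION records_for_case(p_case integer)
RETURNS SETOF person_records
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public, pg_temp AS $$
DECLARE n integer;
BEGIN
    RETURN QUERY
        SELECT p.* FROM person_records p
        JOIN case_subjects    s ON s.person_id = p.person_id
        JOIN case_assignments a ON a.case_id   = s.case_id
        WHERE s.case_id = p_case
          AND a.officer = session_user
          AND a.valid_until >= current_date;
    GET DIAGNOSTICS n = ROW_COUNT;
    -- Calls for unassigned cases return nothing and are still logged (rows_seen = 0).
    INSERT INTO access_log (officer, case_id, rows_seen) VALUES (session_user, p_case, n);
END $$;

REVOKE ALL ON FUNCTION records_for_case(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION records_for_case(integer) TO caseworkers;
```

A login role granted `caseworkers` can run `SELECT * FROM records_for_case(42);` but cannot read `person_records` directly, so there is no query path that returns the whole dataset.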