An authorizer has to be installed per DB conn. The code won't even be *available* to a 3rd party app, as the OP wants. You don't get a pre-built authorizer simply by opening the DB. If the tech existed to do that in SQLite, it would amount to C code injection into foreign apps, and so probably disabled by a great many apps on security grounds. Making the DB read-only to "other" through the filesystem may help, but that then means he cannot run any 3rd party apps under his current user, because that would give write access to the DB. This is the sort of thing that demands an API barrier, where an interposing app exposes a query interface and enforces permissions.