hi robert,

since read security is controlled on the server independent of the SQL statement, and since labkey SQL can't update/delete I think the security concern is that high.

however, if you above example is really that straightforward, i think you probably want to do this using filters, not by writing a SQL statement. it would be roughly like:

LABKEY.ext.Store({
queryName: 'person',
schemaName: 'yourSchemaName',
filterArray: [
    LABKEY.Filter.create('firstname', firstName, LABKEY.Filter.Types.EQUAL),
    LABKEY.Filter.create('age', age, LABKEY.Filter.Types.GREATER_THAN_OR_EQUAL)
]

that's off memory, so there's probably typos.