There are actually two types of stored query: regular and "trusted".

Any query you save is a regular query. It operates under the permissions of the viewer, and checks that the viewer has the necessary permissions - read access to the database, or more finely grained write access which checks the individual tables they will be writing to.

The problem with that is that it means you can't build an app which other users, signed out or unprivileged, can use.

So there's a second category: "trusted" queries. These are currently only configurable by the site administrator who controls the Datasette deployment, as they go straight in the configuration file: https://docs.datasette.io/en/latest/sql_queries.html#trusted...

I'm planning to add a way for trusted users to create these through the UI via another permission, with a very strong UI warning to only use this feature if you understand the implications.

Here's a demo of an app that runs against trusted stored queries: https://agent.datasette.io/-/apps/01ktw6fpag19dnnga85t2ced3p

Source code here, showing how those queries are called: https://gist.github.com/simonw/6e6a3760fa0528ceda1f65d789069...

It uses these queries: https://agent.datasette.io/content/timeline-filtered and https://agent.datasette.io/content/timeline-count