Methods for using SQL statements to access an application-server-managed database are disclosed herein. In some embodiments, a user sends, either directly or indirectly (i.e., remotely) a SQL statement from an ODBC application or server, respectively, to an application server that preprocesses SQL statements for accessing data from a centralized database. The application server may have a SQL endpoint, and access to the SQL endpoint may be determined by a user's logon credentials, a user's presentation of a SAML token, or a user's presentation of a valid certificate. The application server may then parse the SQL statement and determine the user's authorization to access certain objects in the centralized database based on a SQL handler design-time configuration. A result from the statement may be sent back to the user either directly or indirectly and exposed.