Various embodiments provide access control to unprotected data storage system endpoints. In one embodiment, an authenticated query request is received. The request includes a query associated with an unprotected data storage system endpoint configured to execute queries anonymously. The query is written in a Resource Description Framework (RDF) query language and requests one or more datasets stored in a relational data storage system. A user parameter within the query is identified. The user parameter uniquely identifies a user requesting the query. The query is automatically rewritten to include a set of access control list properties for one or more subject variables in the query. Each of the set of access control list properties configures the query to return data from the one or more datasets for which the user is authorized to access.