dhtmlxConnector is open to external access of another programs that's why any external user is allowed to change data in DB, thus adding some kind of session based authentication is strongly recommended. Built in security manager allows to limit connector for certain operations only.

    $gridConn->access->deny("read"); //blocks Select action
    $gridConn->access->deny("add"); //blocks Insert action
    $gridConn->access->deny("edit"); //blocks Update action
    $gridConn->access->deny("delete"); //blocks Delete action

By default connector allows all for types operation.

Grid allow to use transactions , for data create|update|delete operations ( be sure that used DB engine has support for transactions ). They can be enabled as

    $conn->sql->set_transaction_mode("global");
or 
    $conn->sql->set_transaction_mode("record");

• Component uses single transaction for all records inside single request.
• If any operation fails - all record operations will be rolled back, all updated rows will be returned with error status
• If custom validation was assigned and block any record - all records inside request will be blocked

• Component uses separate transactions for each record in request
• If any operation fails, it will not affect other operations