Re: PluginSQL Approval - No Change to Plugin
The security fingerprint is hash generated from fields that include the plugin arguments and data. And your SQL plugin's data changes based on the parameters passed in the URL, so the fingerprint changes and then it needs approval again.
It is probably a security risk, but you could try granting the group "Can execute unapproved plugin registered (tiki_p_plugin_preview)". I'm not sure if that will work though.
Tom