Skip to main content

What You’ll Accomplish

Guardrails let you block dangerous queries before they execute. You can:
  • Prevent accidental UPDATE or DELETE without a WHERE clause
  • Block DROP TABLE and other destructive DDL commands
  • Enforce read-only access for specific user groups
  • Require LIMIT clauses on large tables
  • Block queries that access sensitive columns

The Problem Guardrails Solve

Without guardrails, one typo can destroy production data:
Guardrails catch these mistakes before they execute, showing an error instead of running the dangerous query.

How Guardrails Work

1

Query Submitted

User runs a query through Hoop (CLI, Web App, or API)
2

Rules Evaluated

Each guardrail rule is checked against the query using pattern matching
3

Decision Made

If a rule matches: block, warn, or require approval based on configuration
4

Result Returned

User sees either the query result or an error explaining which rule was violated

Rule Types


Guardrails vs Other Features

These features work together. For example:
  • Guardrails block DROP TABLE commands
  • Live Data Masking redacts SSN in SELECT results
  • Access Requests require approval before connecting
  • Access Control limits who sees the resource role

Ready to set it up? The Guardrails configuration guide covers prerequisites, creating rules, pattern syntax, actions, recipes, testing, and troubleshooting.

Next Steps

Guardrails Configuration

Detailed configuration options and rule syntax

Live Data Masking

Automatically redact sensitive data in query results

Access Requests

Require approval for access to sensitive resource roles

Session Recording

Audit all query executions including blocked queries