What You’ll Accomplish
Guardrails let you block dangerous queries before they execute. You can:- Prevent accidental
UPDATEorDELETEwithout aWHEREclause - Block
DROP TABLEand other destructive DDL commands - Enforce read-only access for specific user groups
- Require
LIMITclauses on large tables - Block queries that access sensitive columns
The Problem Guardrails Solve
Without guardrails, one typo can destroy production data:How Guardrails Work
1
Query Submitted
User runs a query through Hoop (CLI, Web App, or API)
2
Rules Evaluated
Each guardrail rule is checked against the query using pattern matching
3
Decision Made
If a rule matches: block, warn, or require approval based on configuration
4
Result Returned
User sees either the query result or an error explaining which rule was violated
Rule Types
Guardrails vs Other Features
These features work together. For example:
- Guardrails block
DROP TABLEcommands - Live Data Masking redacts SSN in
SELECTresults - Access Requests require approval before connecting
- Access Control limits who sees the resource role
Ready to set it up? The Guardrails configuration guide covers prerequisites, creating rules, pattern syntax, actions, recipes, testing, and troubleshooting.
Next Steps
Guardrails Configuration
Detailed configuration options and rule syntax
Live Data Masking
Automatically redact sensitive data in query results
Access Requests
Require approval for access to sensitive resource roles
Session Recording
Audit all query executions including blocked queries