Controls against bad and rouge queries?

What control mechanisms are in place within Metabase, to prevent the server or database getting overwhelmed by bad queries or rouge queries which might become a resource hog?

I would want our non-tech users to use this tool, but want to make sure that they do not bring down the system by bad queries.


Hi @rohit.chowdhary

Are you talking about giving people access to Native Query (SQL)? Or just the Query Browser?

If you give them access to SQL, then they can write bad/slow queries.
If you let them use the QB, then they can only make queries within the current scope of Metabase, which should not overload your database, if you have a proper database structure.

Depending on which database you’re using, some have ways to limit the database-user resource level or at least how many seconds a query can run.

Thanks for your quick response.
I will have PostgreSQL and possibly Oracle as well.
I am referring to native SQL being created by the end user.
Is there a way, I can restrict or control who can run a native query and who can only use Query browser?


Yes, in Admin > Permissions, you can define which groups have Write Access to SQL - you add/edit groups in Admin > People > Groups.

Is it possible to set up a connection timeout feature that would stop queries that take more than a certain amount of time? This is a client-side feature so it would have to be set by Metabase.

See statement_timeout here:

I’m not sure if it would work, but you can try adding configs to Admin > Databases > (database) > Additional connection string options.
It might have something to do with c3p0, which is Metabase’s connection layer.