Data Access
Restrict which tables, columns, and rows Formula Bot can query in your SQL databases. Configure row-level security and shared identifier filters.
Control exactly what data Formula Bot can access in your connected databases. Configure table and column restrictions, and set up row-level security filters for sensitive data.
Data Access settings are only available for SQL data sources: BigQuery, Snowflake, MySQL, PostgreSQL, and MSSQL.
Why Configure Data Access?
Setting data access restrictions helps you:
- Protect sensitive data - Exclude tables or columns containing PII, financial data, or confidential information
- Improve accuracy - Constrain the AI to relevant tables for faster, more accurate results
- Maintain compliance - Ensure the AI only accesses data appropriate for your use case
- Enable multi-tenant filtering - Use row-level security to filter data by organization or user
Accessing Data Access Settings
- Go to My Data in the dashboard
- Switch to the Connectors tab
- Find your SQL connector and click the menu icon
- Select Data Access
Access Modes
When configuring a connector, you have two options:
Allow All Data
The AI can query any table and column in your database. Best for:
- Quick setup when all data is safe to query
- Development or testing environments
- Databases without sensitive information
Configure Restrictions
Choose specific tables, columns, and row filters. Recommended for:
- Production databases with sensitive data
- Multi-tenant applications
- Compliance-sensitive environments
Table Selection
Select which tables the AI can access:
- Click Configure access restrictions
- The system fetches your database schema
- Use checkboxes to select/deselect tables
- Use Select All or Deselect All for bulk actions
- Search for specific tables using the search box
Start with minimal access and add tables as needed. It's easier to grant access than to accidentally expose sensitive data.
Column Selection
Control access at the column level:
- Click the arrow next to a table name to expand it
- Select/deselect individual columns
- The table checkbox reflects partial selection (some columns selected)
Use Cases for Column Restrictions
- Exclude email addresses or phone numbers from customer tables
- Hide salary columns from employee tables
- Remove API keys or tokens from configuration tables
Row-Level Security (RLS)
Add filters to restrict which rows the AI can access. This is essential for multi-tenant data or when certain records should be excluded.
Enabling Row-Level Security
- Expand the Row-Level Security section
- Choose one or both filter types:
- Shared Identifier - Apply the same filter across multiple tables
- Single Table Rules - Create custom filters per table
Shared Identifier
Use this when multiple tables share a common identifier column (like org_id, organization_id, or tenant_id).
Setting up a Shared Identifier:
- Enable Shared Identifier
- Click columns that represent the same identifier across tables
- Set the comparison operator (equals, not equals, greater than, less than, contains, or IN)
- Enter the filter value
Example:
If your tables have org_id columns and you want to filter to organization 123:
- Select
customers.org_id,orders.org_id,products.org_id - Set operator to
= - Enter value
123
All queries will automatically include WHERE org_id = 123 on each selected table.
Single Table Rules
Create custom WHERE clause filters for individual tables.
Adding a Single Table Rule:
- Enable Single Table Rules
- Click Add Filter Rule
- Select the table and column
- Choose an operator:
=(equals)!=(not equals)>(greater than)<(less than)LIKE(contains)IN(list of values)
- Enter the filter value
Examples:
| Table | Column | Operator | Value | Result |
|---|---|---|---|---|
| orders | status | = | active | Only active orders |
| users | != | %@test.com | Exclude test accounts | |
| products | price | > | 0 | Only products with prices |
| regions | country | IN | US, CA, MX | North American data only |
Combining Filter Types
You can enable both Shared Identifier and Single Table Rules. When both are active, filters are combined with AND logic.
Example:
- Shared Identifier:
org_id = 123 - Single Table Rule:
orders.status = 'active'
Result: WHERE org_id = 123 AND status = 'active'
Filter Preview
When configuring RLS, you'll see a preview of the generated SQL WHERE clauses. This helps verify your filters before saving.
Saving Settings
- Review your table, column, and RLS selections
- Click Save at the top of the configuration
- Settings take effect immediately for new queries
Changing Settings
You can modify data access settings at any time:
- Return to My Data > Connectors
- Click the menu on your connector
- Select Data Access
- Your existing settings will be pre-loaded
- Make changes and save
Best Practices
Start Restrictive
Begin with minimal access and add tables/columns as needed rather than removing sensitive data later.
Use Meaningful Filters
RLS filters should reflect real access control requirements, not just convenience.
Test Your Configuration
After saving, run a few test queries in AI Chat to verify the AI can access the data it needs.
Document Your Choices
Keep notes on why certain tables or columns are restricted for future reference.
Review Periodically
As your database schema evolves, review data access settings to ensure they remain appropriate.
Troubleshooting
Tables Not Appearing
- Verify the connector credentials have SELECT permissions
- Check that the database/schema is accessible
- Try refreshing the schema
Queries Returning No Data
- Check if RLS filters are too restrictive
- Verify the filter values are correct
- Ensure the filtered column exists in the queried tables
Permission Errors
- The connector may lack access to certain tables
- Contact your database administrator to grant appropriate permissions
Next Steps
- Set up a Knowledge Base to provide additional context
- Connect a database if you haven't already
- Learn about AI Chat to start querying your data