{"id": "authentication:authentication-permissions-execute-sql", "page": "authentication", "ref": "authentication-permissions-execute-sql", "title": "Controlling the ability to execute arbitrary SQL", "content": "Datasette defaults to allowing any site visitor to execute their own custom SQL queries, for example using the form on the database page or by appending a ?_where= parameter to the table page like this. \n Access to this ability is controlled by the execute-sql permission. \n The easiest way to disable arbitrary SQL queries is to use the default_allow_sql setting when you first start Datasette. \n You can alternatively use an \"allow_sql\" block to control who is allowed to execute arbitrary SQL queries. \n To prevent any user from executing arbitrary SQL queries, use this: \nallow_sql: false \n To enable just the root user to execute SQL for all databases in your instance, use the following: \nallow_sql:\n    id: root \n To limit this ability for just one specific database, use this: \ndatabases:\n    mydatabase:\n        allow_sql:\n            id: root", "breadcrumbs": "[\"Authentication and permissions\", \"Access permissions in \"]", "references": "[{\"href\": \"https://latest.datasette.io/fixtures\", \"label\": \"the database page\"}, {\"href\": \"https://latest.datasette.io/fixtures/facetable?_where=_city_id=1\", \"label\": \"like this\"}]"}