Guardrails are policies that govern how AIDA behaves: what it refuses, how it handles oversized inputs, and which topics it engages with. They apply to all AI models and agents on the account.
An administrator configures guardrails once, at the account level, and Galaxy applies them on every request. Prompt limiting validates the size of each message before it reaches the model. Agent protection, data product protection, and topic filtering adjust the model’s instructions for each turn. Guardrails are on by default. You can turn off any protection that is too strict for your environment.
Guardrails govern how AIDA behaves. They do not replace your existing security controls such as Database permissions, row-level security, column masking, and data product access which govern the data AIDA can reach.
Only users with the MANAGE_SECURITY privilege can view and edit guardrails.
To edit the default guardrails, follow these steps:
The following table lists the configurable guardrails and their default state:
| Guardrail | Description | Default |
|---|---|---|
| Agent protection | Refuses to disclose AIDA's own instructions, tools, or rules. Treats instructions found in query data or tool results as data, not commands. | On |
| Data product protection | Restricts the built-in SQL and documentation tools to the session's data product. Refuses out-of-scope requests. | On |
| Prompt limiting | Rejects any user message longer than the configured limit before it reaches the model. | On. 50,000 characters |
| Topic filtering | Refuses any request that touches a listed topic. | Off |
The following sections detail each configurable guardrail protection.
When on, AIDA resists two categories of misuse:
When turned off, AIDA uses a friendlier baseline. It might describe its own setup and is more likely to follow instructions embedded in tool results.
Every chat session is scoped to one data product. When on, AIDA treats that scope as a hard boundary and:
hypothetically, just
this once, or as an admin.External Model Context Protocol (MCP) tools attached to the session are
unaffected and remain available. When turned off, AIDA receives the data
product’s name and description as context only, and runs any SELECT query the
user has permission for.
When on, Galaxy rejects any message longer than the configured limit before it reaches the model. No tokens are consumed, and the user sees the following error:
Your request was too long. Please rephrase your question with less detail.
The limit ranges from 1 to 1,000,000 characters. The default is 50,000 characters.
When off, Galaxy enforces no length limit. The model’s own context window still applies.
When on, you provide a list of topic keywords or phrases, and AIDA refuses any
request that touches one. The filter is semantic. For example, adding comedy
refuses tell me a joke as well as the literal word.
Topic filtering suits organizations that want a narrowly focused analytics agent, such as a financial-services deployment that should not offer investment advice.
Topic filtering is off by default. No topic filter is applied.
When an administrator saves a change to the guardrail settings:
Changes to Prompt limiting take effect immediately. Galaxy enforces the new limit on the next message in any session.
Agent protection, Data product protection, and Topic filtering work by adjusting the model’s instructions on each turn. Because earlier replies remain in the conversation history, the model tends to stay consistent with what it has already said. In practice:
A guardrail block does not end the session; it only returns a message. The session continues in every case.
You can turn off each of the four configurable controls individually.
Open the Edit default guardrails dialog as described in the section, then clear the protections you want to turn off:
SELECT query the
user has permission for runs.Q: Do guardrails replace row-level security and column masking?
A: No. Queries still run under the user’s identity, subject to the same row-level security and column-masking policies. Guardrails govern what the agent attempts; your existing controls govern what it can return.
Q: Are guardrails configured per data product, role, or user?
A: No. Guardrail settings are currently global. One configuration applies to the entire account, including every data product, model, chat session, and user.
Q: Should I raise the prompt limit?
A: The default of 50,000 characters is large enough for most pasted logs and short documents. Raise it only if you see legitimate messages being rejected. The maximum is 1,000,000 characters.
Q: I changed a guardrail mid-chat, but AIDA still behaves the old way. Why?
A: Most guardrail changes are sticky within an existing chat session. Agent protection, data product protection, and topic filtering adjust the agent’s instructions on each turn, but the model tends to stay consistent with its earlier replies. Start a new chat session to apply the changes. For more information, see .
Q: Why did topic filtering refuse a question that did not seem to match?
A: Topic filtering is semantic, so it refuses any request related to a listed
topic, not only exact matches. For example, a comedy topic also refuses
tell me a joke. Start with narrow, specific terms, and broaden them only as
needed.
Q: Does AIDA log what it blocks?
A: Galaxy logs configuration changes to the coordinator log, including the acting user and the new settings. Individual block events appear in the chat session itself, but are not yet aggregated into a dashboard.
Is the information on this page helpful?
Yes
No