SQL Best Practices

Rasgo transforms are templated SQL statements that run directly against your DataWarehouse. They should be simple SELECT statements that return data. Transforms can be chained together to build a CTE or executed as a standalone query.

Here are some guidelines to help you build safe transforms and troubleshoot error messages.

Enforced Guidelines

Transforms must start with the SQL keyword SELECT or WITH. At the time of publishing, Rasgo does not support starting transforms with comments. We encourage you to add comments to the transform's metadata or further down in your SQL statement.

Transforms cannot contain a semicolon (;) anywhere in their SQL text. Transforms should not be multi-statement SQL strings. If you need to run multiple queries to return data, we encourage you to split your SQL into multiple transforms or use a CTE to run them in a single transform. This rule also flags semicolons in comments.

Transforms cannot contain patterns that pose a high SQL injection risk. Basic examples:

  • DML or DDL keywords

  • premature string or comment closures

  • presence of EXECUTE IMMEDIATE command

These patterns may include unpublished examples and will expand over time. If you run into an error message you do not understand, please contact Rasgo for better guidance on why your SQL was flagged as risky.
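The following is an added example, not Rasgo's own validator, showing how the enforced guidelines above can be checked before a transform is submitted: the leading keyword, the semicolon rule (applied to the raw text so comments are covered too), a DML/DDL keyword scan, the EXECUTE IMMEDIATE pattern, and the two "premature closure" cases (an unbalanced single-quoted string and a `*/` with no matching `/*`). The keyword list and the sample transforms are constructed for this example; Rasgo's real pattern list is partly unpublished, as the text says.

```python
import re
from typing import List

# DML/DDL keywords to reject. This list is an assumption for the example;
# Rasgo's actual list is not published in full and grows over time.
DML_DDL_KEYWORDS = (
    "INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE",
    "CREATE", "ALTER", "DROP", "GRANT", "REVOKE",
)


def has_unbalanced_strings(sql: str) -> bool:
    """True when a single-quoted string is opened and never closed, or closed early.
    A doubled quote ('') is the SQL escape for a literal quote and is ignored."""
    stripped = sql.replace("''", "")
    return stripped.count("'") % 2 == 1


def has_premature_comment_close(sql: str) -> bool:
    """True when a '*/' appears without an open '/*' before it."""
    depth = 0
    i = 0
    while i < len(sql):
        if sql.startswith("/*", i):
            depth += 1
            i += 2
        elif sql.startswith("*/", i):
            if depth == 0:
                return True
            depth -= 1
            i += 2
        else:
            i += 1
    return False


def validate_transform(sql: str) -> List[str]:
    """Return a list of guideline violations; an empty list means the SQL passes.

    Every check runs over the raw text on purpose: a semicolon or a DML keyword
    inside a comment or string literal is still flagged, which mirrors the
    conservative rule the guidelines describe for semicolons."""
    problems: List[str] = []

    # Rule 1: the first token must be SELECT or WITH (a leading comment fails).
    first_word = re.match(r"\s*([A-Za-z]+)", sql)
    if not first_word or first_word.group(1).upper() not in ("SELECT", "WITH"):
        problems.append("must start with SELECT or WITH")

    # Rule 2: no semicolon anywhere, comments included.
    if ";" in sql:
        problems.append("contains a semicolon")

    # Rule 3a: DML/DDL keywords. Whole identifiers are compared, so a column
    # named created_at does not trip the CREATE check.
    words = {w.upper() for w in re.findall(r"[A-Za-z_]+", sql)}
    for kw in DML_DDL_KEYWORDS:
        if kw in words:
            problems.append(f"contains DML/DDL keyword {kw}")

    # Rule 3b: dynamic SQL execution.
    if re.search(r"\bEXECUTE\s+IMMEDIATE\b", sql, re.IGNORECASE):
        problems.append("contains EXECUTE IMMEDIATE")

    # Rule 3c: premature string or comment closures.
    if has_unbalanced_strings(sql):
        problems.append("unbalanced string literal")
    if has_premature_comment_close(sql):
        problems.append("premature comment closure")

    return problems


if __name__ == "__main__":
    # Constructed sample transforms, not taken from any real Rasgo workspace.
    samples = {
        "plain select": "SELECT customer_id, SUM(amount) AS total FROM orders GROUP BY customer_id",
        "cte chain": "WITH recent AS (SELECT * FROM orders WHERE order_date >= '2023-01-01') SELECT * FROM recent",
        "semicolon in comment": "SELECT * FROM orders -- note; end",
        "unescaped quote": "SELECT * FROM orders WHERE name = 'O'Brien'",
        "leading comment": "-- comment\nSELECT 1",
        "stray comment close": "SELECT */ 1",
    }
    for name, sql in samples.items():
        print(f"{name}: {validate_transform(sql) or 'OK'}")
```

The escape-aware quote check is the part most worth copying: without the `''` replacement, a correctly escaped name such as `'O''Brien'` would be rejected as unbalanced, while the actually broken `'O'Brien'` is what the guideline wants caught.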

Running SQL against your DataWarehouse comes with inherent risks. Rasgo will take reasonable precautions to identify and block obviously malicious and unintentionally dangerous patterns.

A critical part of any company's data security strategy should be an access control policy that prevents users and tools from performing unintended actions.

Rasgo encourages security teams to grant only the privileges and roles to Rasgo users that align with their data security policies as a first line of defense.
