Hardening Guide

The default Vanna settings are meant to get a personal copilot or proof of concept running quickly. If you want to expose Vanna to other users, harden the system by following these guidelines.

The starter frontends don't have a login system. If you're implementing your own frontend, you should add one so that only authenticated users can reach the functions described below.

Use Appropriate Database Credentials

vn.generate_sql can return any SQL statement the model produces. If you allow end users to trigger this function, the database credentials it runs under must be scoped to the minimum permissions the use case needs.

For most data analytics use cases, this means a read-only database user. Depending on your requirements, you may also want row-level security (RLS); how it is configured varies by database.

Plotly Code

vn.generate_plotly_code can return arbitrary Python code, whatever the model decides is needed to build the chart. If you expose this function to end users, run the generated code in a sandboxed environment.

Alternatively, override vn.generate_plotly_code to return an empty string. vn.get_plotly_figure then falls back to its deterministic defaults instead of executing model-generated code.

Execution Flow in the Built-in Web App

  • sql = vn.generate_sql(question=...): Generates the SQL statement (any statement the model produces)
  • vn.is_sql_valid(sql=...): Decides whether the SQL should be run. Override this function to enforce your own policy.
  • df = vn.run_sql(sql=...): Runs the SQL and returns a pandas DataFrame
  • plotly_code = vn.generate_plotly_code(question=..., sql=..., df_metadata=...): Generates Python code that builds a plotly figure
  • fig = vn.get_plotly_figure(plotly_code=..., df=...): Executes the plotly code and returns a plotly figure
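The two override points in that flow are vn.is_sql_valid (gatekeeping before vn.run_sql) and vn.generate_plotly_code (the empty-string option described above). The following is an added example, not Vanna's own code: it implements a fail-closed is_sql_valid that only admits a single SELECT/WITH statement, and a generate_plotly_code that returns an empty string. The mixin class name, the helper names, and the assumption that the mixin is placed first in your Vanna class's base list (so its methods take precedence, as in the behavior customization docs) are all this example's own choices.

```python
import re

# Keyword blocklist for a quick, fail-closed read-only check (example choice, not
# an exhaustive list for every SQL dialect).
_FORBIDDEN = re.compile(
    r"\b(insert|update|delete|merge|drop|alter|create|truncate|grant|revoke|"
    r"copy|call|exec(?:ute)?|attach|pragma|vacuum)\b",
    re.IGNORECASE,
)


def strip_sql_comments(sql: str) -> str:
    """Remove /* */ block comments and -- line comments so they cannot hide keywords."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)
    sql = re.sub(r"--[^\n]*", " ", sql)
    return sql


def is_read_only_sql(sql: str) -> bool:
    """Return True only for exactly one SELECT or WITH statement with no write keywords.

    Any doubt (empty input, stacked statements, unknown leading keyword, a
    forbidden keyword anywhere) returns False.
    """
    cleaned = strip_sql_comments(sql).strip()
    if not cleaned:
        return False
    # Reject stacked statements such as "SELECT 1; DROP TABLE t".
    statements = [s for s in cleaned.split(";") if s.strip()]
    if len(statements) != 1 or cleaned.count(";") > 1:
        return False
    stmt = statements[0].strip()
    first_token = stmt.split(None, 1)[0].lower()
    if first_token not in ("select", "with"):
        return False
    return _FORBIDDEN.search(stmt) is None


class HardenedVannaMixin:
    """Hypothetical mixin (not part of Vanna) carrying the two overrides.

    Intended use, assuming the class layout from the behavior customization docs:
        class MyVanna(HardenedVannaMixin, <VectorStore>, <LLM>):
            ...
    Listing the mixin first means its is_sql_valid and generate_plotly_code win
    in Python's method resolution order.
    """

    def is_sql_valid(self, sql: str) -> bool:
        # Only read-only statements reach vn.run_sql; everything else is dropped.
        return is_read_only_sql(sql)

    def generate_plotly_code(self, question=None, sql=None, df_metadata=None, **kwargs) -> str:
        # Returning "" makes vn.get_plotly_figure use its deterministic defaults,
        # so no model-generated Python is ever executed for charting.
        return ""


if __name__ == "__main__":
    # Constructed sample statements to show the decision each one gets.
    samples = [
        "SELECT customer_id, SUM(total) FROM orders GROUP BY customer_id",
        "WITH t AS (SELECT 1 AS n) SELECT n FROM t;",
        "SELECT 1; DROP TABLE orders",
        "DELETE FROM orders WHERE id = 7",
        "SELECT * FROM orders -- harmless comment\n; DELETE FROM orders",
    ]
    guard = HardenedVannaMixin()
    for s in samples:
        print(f"{guard.is_sql_valid(s)!s:5}  {s!r}")
```

The blocklist errs on the side of rejecting (a literal such as `'drop'` inside a string will be refused), which is the right failure direction for a gate in front of run_sql. It is defence in depth, not a substitute for the read-only database user recommended above: a syntactic check cannot know what a given dialect's functions or procedures do.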

Overriding a Specific Function

See the behavior customization docs for how to override a specific function.
