Hi Aaron, Guardrails are not applied to superusers. The default user is a superuser, so to see guardrails in action you need to create and use a user that is not a superuser.
You can do that by setting, for example, these properties on cassandra.yaml: authenticator: PasswordAuthenticator authorizer: CassandraAuthorizer Then you can login with cqlsh using the default superuser and create a regular user with the adequate permissions. For example: bin/cqlsh -u cassandra -p cassandra > CREATE USER test WITH PASSWORD 'test'; > GRANT SELECT ON ALL KEYSPACES TO test; bin/cqlsh -u test -p test > SELECT * FROM stackoverflow.movies WHERE title='Sneakers (1992)' ALLOW FILTERING; InvalidRequest: Error from server: code=2200 [Invalid query] message="Guardrail allow_filtering violated: Querying with ALLOW FILTERING is not allowed" Finally, that particular guardrail isn't applied to system tables, so it would still allow filtering on the system.local and system_views.settings tables, but not in stackoverflow.movies. I hope this helps. On Thu, 23 Jun 2022 at 19:51, Aaron Ploetz <aaronplo...@gmail.com> wrote: > So I'm trying to test out the guardrails in 4.1-alpha. I've set > allow_filtering_enabled: false, but it doesn't seem to care (I can still > use it). > > > SELECT release_version FROM system.local; > release_version > --------------------- > 4.1-alpha1-SNAPSHOT > > (1 rows) > > > SELECT * FROM system_views.settings WHERE name='allow_filtering_enabled'; > name | value > -------------------------+------- > allow_filtering_enabled | false > > (1 rows) > > > SELECT * FROm stackoverflow.movies WHERE title='Sneakers (1992)' ALLOW > FILTERING; > id | genre | title > ------+--------------------+----------------- > 1396 | Crime|Drama|Sci-Fi | Sneakers (1992) > > (1 rows) > > Is there like some main "guardrails enabled" setting that I missed? > > Thanks, > > Aaron > >
