Prevent users from creating or using specific resource types
Learn how to restrict users from creating or using certain resource integration types.
| Resource type restrictions Availability | |||
|---|---|---|---|
| Self-hosted Edge 3.253 or later | Generally Available | ||
| Self-hosted Stable 3.253 or later | Generally Available | ||
Self-hosted organizations can specify optional restrictions using environment variables that prevent users from creating or using certain resource types. The restrictions you set depend upon your use case. Configuring these restrictions does not remove or modify the configuration of an existing resource.
Any restrictions you set can be reverted at any time. This enables you to temporarily disable resources (e.g., if your security team needs to review an integration before it can be used).
Prevent users from creating certain resource types
Use the RESOURCE_TYPES_CREATION_DENY_LIST environment variable to specify a comma-separated list of resource integration types that cannot be created. Users can still interact with any existing resources of these types but they will not be able to create new ones.
RESOURCE_TYPES_CREATION_DENY_LIST=graphql,twilio,postgresql
Prevent users from creating or using certain resource types (#restrict-usage)
In some cases, you may need to block all use of a certain resource type. You can use the RESOURCE_TYPES_DENY_LIST environment variable to provide a list of all resource integration types that are to be blocked. This effectively disables the resource type on the deployment instance, preventing users from creating and querying resources of these types.
RESOURCE_TYPES_DENY_LIST=graphql,twilio,postgresql
Once enabled, any queries for restricted resources will not run and return a query error.
The error message displayed in self-hosted Retool 3.300 and later also explains that that query failed due to the resource being restricted. Prior releases only return a query error.
Specify the environment variable values
Both environment variables can accept a comma-separated list containing any of the following resource type values. Refer to the self-hosted deployment tutorials to learn more about configuring environment variables for your instance.
| Resource | Type |
|---|---|
| PostgreSQL | postgresql |
| MySQL | mysql |
| MSSQL | mssql |
| OracleDB | oracledb |
| Redshift | redshift |
| MCP | mcp |
| MongoDB | mongodb |
| Google Sheets | googlesheets |
| Elasticsearch | elasticsearch |
| Cassandra | cassandra |
| CosmosDB | cosmosdb |
| CouchDB | couchdb |
| RethinkDB | rethinkdb |
| REST API | restapi |
| GraphQL | graphql |
| BigQuery | bigquery |
| S3 | s3 |
| GCS | gcs |
| Slack | slackopenapi |
| Salesforce | salesforce |
| Athena | athena |
| GitHub | github |
| Stripe | stripe |
| Twilio | twilio |
| SendGrid | sendgrid |
| Firebase | firebase |
| DynamoDB | dynamodb |
| Basecamp | basecamp |
| Close.io | closeio |
| Snowflake | snowflake |
| Redis | redis |
| Vertica | vertica |
| Presto | presto |
| SAP Hana | saphana |
| Lambda | lambda |
| OpenAPI | openapi |
| Google Cloud Datastore | datastore |
| gRPC | grpc |
| SMTP | smtp |
| Jira | jira |
| BigID | bigid |
| AlloyDB | alloydb |
| Databricks | databricks |
| Databricks Lakebase | databricksLakebase |
| JDBC | jdbc |
| Kafka | kafka |
| SQS | sqs |
| SNS | sns |
| Tavily | tavily |