Read-only access is necessary for AI database agents.
It is not enough.
A read-only agent can still:
- scan too much data
- run expensive queries
- return more rows than needed
- touch sensitive tables
- answer from a scope the user did not intend
That is why production natural language SQL needs query budgets.
What is a query budget?
A query budget defines what an AI database workflow is allowed to spend or touch before a query runs.
It can include:
- maximum rows returned
- maximum runtime
- approved tables or views
- allowed columns
- maximum date range
- cost or warehouse limits
- rate limits per user/workflow
- approval requirements for exceptions
The point is not to make agents less useful.
The point is to make useful access predictable.
Natural language hides query shape
A user asks:
Which customers are at risk this quarter?
That may be a perfectly reasonable business question.
But the generated query might be much broader than the user expected.
So the system needs boundaries outside the model's wording.
Budget by workflow:
- support lookup: one customer, short date range, redacted fields
- sales analysis: approved CRM views, aggregate output, row cap
- finance reporting: approved revenue model, scheduled run, owner review
- diagnostics: operational metrics, no customer PII, time-boxed queries
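One way to enforce a budget outside the model's wording is sketched below. This is an added example, not code from the article or from Conexor. It assumes a SQLite database and covers three of the budget items above (approved tables and columns, row cap, runtime cap); the names `run_with_budget`, `SUPPORT_BUDGET` and `demo_conn`, and the sample data, are constructed for illustration.

```python
import sqlite3
import time

class BudgetExceeded(Exception):
    """Raised when a query would step outside its workflow budget."""

SAFE_FUNCTIONS = {"count", "sum", "avg", "min", "max"}

def run_with_budget(conn, sql, budget):
    """Run sql on a connection dedicated to the agent, enforcing the budget."""
    allowed = budget["allowed"]  # {table: {column, ...}}

    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:  # arg1=table, arg2=column (empty for count(*))
            if arg1 in allowed and (not arg2 or arg2 in allowed[arg1]):
                return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_FUNCTION and arg2 in SAFE_FUNCTIONS:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # writes, DDL, PRAGMA, ATTACH, unapproved columns

    deadline = time.monotonic() + budget["max_seconds"]
    conn.set_authorizer(authorizer)  # checked when the statement is compiled
    # A non-zero return aborts the statement once the runtime budget is spent.
    conn.set_progress_handler(lambda: int(time.monotonic() > deadline), 1000)
    try:
        # Fetch one row past the cap so an over-budget result is detected, not truncated.
        rows = conn.execute(sql).fetchmany(budget["max_rows"] + 1)
    except sqlite3.DatabaseError as exc:
        raise BudgetExceeded(f"denied or aborted: {exc}") from exc
    if len(rows) > budget["max_rows"]:
        raise BudgetExceeded(f"more than {budget['max_rows']} rows")
    return rows

def demo_conn():
    """Constructed sample data, not from the article."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT, risk REAL)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)",
                     [(1, "Acme", "a@example.com", 0.9), (2, "Bolt", "b@example.com", 0.2),
                      (3, "Cask", "c@example.com", 0.7)])
    conn.commit()
    return conn

# Hypothetical "support lookup" budget: email is redacted by omission.
SUPPORT_BUDGET = {"allowed": {"customers": {"id", "name", "risk"}},
                  "max_rows": 2, "max_seconds": 1.0}
```

Because the authorizer runs when the statement is compiled, a query that names an unapproved column is rejected before it reads any rows, regardless of how the generated SQL is phrased.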
Full piece: AI database query budgets: the missing control for natural language SQL
Conexor helps teams connect databases and APIs to MCP-compatible AI clients.
Read-only access is the starting point.
Query budgets make the boundary visible, enforceable, and reviewable.