CLS Examples

plan support

Data Security is only available in Enterprise Plan and above

This page shows practical CLS policies you can set up in minutes. Each example states the goal, the selected columns, and the access rule.

Example 1: Gate salary by HR group

Models/columns: employees → salary
Session property: group (Required)
Operator: Equals
Comparison value: hr
Result: Only users in the HR group can query salary. Others see “Restricted by policy” if a query references it.

Example 2: Allow price only for US region

Models/columns: order items → Price
Session property: country (Optional, default TW)
Operator: Equals
Comparison value: US
Result: Users with @country = "US" can access Price; others cannot.

Example 3: Hide internal_cost unless role is finance

Models/columns: products → internal_cost
Session property: role (Required)
Operator: Equals
Comparison value: finance
Result: Only Finance sees internal_cost.

Example 4: Multiple columns under one policy

Models/columns: orders → unit_cost, orders → profit_margin
Session property: role (Required)
Operator: In
Comparison value: finance, executive
Result: Finance and Executives can see both unit_cost and profit_margin.

Example 5: Default‑deny with optional property

Models/columns: customers → email
Session property: is_internal (Optional, default false)
Operator: Equals
Comparison value: true
Result: Only internal users can access email. External users are denied by default.

Preview and verify

Use the policy preview to simulate session property values and confirm the outcome before saving. Then ask a question in Home. If a blocked column is referenced, the UI shows a clear “Restricted by policy” message including the column name.

Example 1: Gate salary by HR group​

Example 2: Allow price only for US region​

Example 3: Hide internal_cost unless role is finance​

Example 4: Multiple columns under one policy​

Example 5: Default‑deny with optional property​

Preview and verify​