Column Security

Coming Soon

Column security is under active development and will be available in a future release.

Not all columns in a dataset are equally sensitive. A sales table might have revenue figures everyone can see, customer names only managers should access, and Social Security numbers that should be hidden from almost everyone. Column security lets you share the table while protecting specific fields.

Three types of column restrictions

Hidden columns

The column is completely invisible. Users don’t see it in results, can’t reference it in queries, and won’t even know it exists. The AI assistant also can’t see hidden columns — they’re excluded from its context entirely.

Use this for: Columns that users have no reason to know about — internal IDs, raw PII fields, or data reserved for specific roles.

Masked columns

The column is visible, but its values are obfuscated. Users know the column exists and can reference it in queries, but they see masked values instead of the originals.

Querri supports six mask types:

Mask	What it does	Example input	Example output
last4	Shows only the last 4 characters	555-12-3456	***3456
domain	Shows only the email domain	jane@acme.com	***@acme.com
hash	Replaces with a consistent hash	Jane Smith	a1b2c3d4
redact	Replaces entirely	Confidential	[REDACTED]
first_initial	Shows only the first character	Jane Smith	J***
year_only	Shows only the year from a date	1990-03-15	1990

Use this for: Columns where users need to know data exists but shouldn’t see the raw values — email addresses, phone numbers, dates of birth.

Hash masking preserves relationships

The hash mask produces the same output for the same input. This means users can still group, count, and compare values — they just can’t see the originals. Useful for analysis that needs to distinguish between records without revealing identities.

Aggregate-only columns

The column can only be used in aggregate functions — sums, averages, counts, minimums, and maximums. Individual row values are not shown. The AI assistant can reference these columns but only sees aggregated results.

Use this for: Columns like individual salaries, transaction amounts, or performance scores where the aggregate is useful but individual values are sensitive.

How restrictions accumulate

When a user has multiple policies with column restrictions, the restrictions stack:

• If any policy hides a column, it’s hidden
• If any policy masks a column, it’s masked (the most restrictive mask wins)
• If any policy marks a column as aggregate-only, individual values are blocked

This means adding more policies never loosens access — it can only tighten it.

Column security and the AI assistant

Column restrictions are enforced on all AI-generated queries:

• Hidden columns are excluded from the AI’s schema context. It can’t reference, query, or suggest analysis on columns it doesn’t know exist.
• Masked columns are visible in the schema, so the AI can write correct queries — but results return masked values.
• Aggregate-only columns are available for aggregate queries. The AI can calculate averages and totals but can’t retrieve individual values.

Next steps

• Access Policies — Control which rows each user can see
• Groups — Assign column and row policies to teams
• Dashboard Security — How dashboards enforce column restrictions