Policy model
A FederIQ policy is a YAML record that attaches to a source (or every
source via "*") and declares how data must be handled. Policies ship
with four capabilities:
```yaml
policies:
  - name: mask_pii
    applies_to: users
    mask_columns:
      email: "'***@***.com'"
      ssn: "NULL"
  - name: analysts_see_active_only
    applies_to: events
    when_role: analyst            # only applies if FEDERIQ_ROLE=analyst
    row_filter: "status = 'active'"
  - name: pin_to_us_east
    applies_to: "*"
    require_region: us-east-1     # refuses to run if FEDERIQ_REGION != us-east-1
```
Fields
| Field | Type | Purpose |
|---|---|---|
| name | string | Human-readable identifier |
| applies_to | string or "*" | Source name to match |
| when_role | string (optional) | Only applies when caller role matches |
| require_region | string (optional) | Refuses to run outside this region |
| mask_columns | map of col: expr | Replace the column with the SQL expression |
| row_filter | string (optional) | SQL WHERE predicate AND'd into every SELECT |
Context
PolicyContext is pulled from environment variables at query time:
- FEDERIQ_ROLE: caller role (e.g., analyst, admin)
- FEDERIQ_REGION: data residency region (e.g., us-east-1)
What happens at query time
See enforcement for the rewrite details.
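The sketch below is an added illustration, not FederIQ's own code: it shows how the four fields above could combine at query time for a single-table SELECT with no caller-supplied WHERE clause. The names `rewrite_select`, `active_policies`, `context_from_env` and `PolicyViolation` are hypothetical. It assumes `when_role` gates the whole policy and that an unset `FEDERIQ_REGION` fails a `require_region` check.

```python
import os

# Constructed sample mirroring the policies shown on this page.
POLICIES = [
    {"name": "mask_pii", "applies_to": "users",
     "mask_columns": {"email": "'***@***.com'", "ssn": "NULL"}},
    {"name": "analysts_see_active_only", "applies_to": "events",
     "when_role": "analyst", "row_filter": "status = 'active'"},
    {"name": "pin_to_us_east", "applies_to": "*",
     "require_region": "us-east-1"},
]

class PolicyViolation(Exception):
    """Raised when a require_region policy refuses the query."""

def context_from_env(env=None):
    """Build the caller context from FEDERIQ_ROLE / FEDERIQ_REGION."""
    env = os.environ if env is None else env
    return {"role": env.get("FEDERIQ_ROLE"), "region": env.get("FEDERIQ_REGION")}

def active_policies(policies, source, ctx):
    """Policies whose applies_to matches and whose when_role (if set) matches."""
    return [p for p in policies
            if p["applies_to"] in ("*", source)
            and p.get("when_role") in (None, ctx["role"])]

def rewrite_select(policies, source, columns, ctx):
    """Hypothetical rewrite: the SELECT that runs once policies are applied.

    source and columns are assumed to be trusted catalog names, not user input.
    """
    masks, filters = {}, []
    for p in active_policies(policies, source, ctx):
        required = p.get("require_region")
        # Fail closed: an unset region never equals the required one.
        if required is not None and ctx["region"] != required:
            raise PolicyViolation(
                f"{p['name']}: region {ctx['region']!r} != {required!r}")
        masks.update(p.get("mask_columns", {}))
        if p.get("row_filter"):
            filters.append(f"({p['row_filter']})")
    # Masked columns keep their name but take the policy's SQL expression.
    select_list = ", ".join(
        f"{masks[c]} AS {c}" if c in masks else c for c in columns)
    sql = f"SELECT {select_list} FROM {source}"
    return sql + (" WHERE " + " AND ".join(filters) if filters else "")
```

Each row filter is parenthesized before being joined with AND, so a predicate containing OR cannot widen the result beyond what the other active policies allow.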