# Author a Row-Level Policy 1. Determine your policy scope: * [**Global policy**](https://documentation.immuta.com/2024.3/secure-your-data/authoring-policies-in-secure/policies-explained): Click the **Policies page** icon in the left sidebar and select the **Data Policies** tab. Click **Add Policy** and enter a **name** for your policy. * [**Local policy**](https://documentation.immuta.com/2024.3/secure-your-data/authoring-policies-in-secure/policies-explained): Navigate to a specific data source and click the **Policies** tab. Scroll to the **Data Policies** section and click **Add Policy**. 2. Select the **Only show rows** action from the first dropdown. 3. Choose one of the following policy conditions: * **Where user** 1. Choose the condition that will drive the policy from the next dropdown: **is a member of a group** or **possesses an attribute**. 2. Use the next field to choose the **attribute**, **group**, or **purpose** that you will match values against. 3. Use the next dropdown menu to choose the tag that will drive this policy. You can add more than one condition by selecting **+ Add Another Condition**. The dropdown menu in the far right of the policy builder contains conjunctions for your policy. If you select **or**, only one of your conditions must apply to a user for them to see the data. If you select **and**, all of the conditions must apply. * **Where the value in the column tagged** 1. Select the tag from the next dropdown menu. 2. From the subsequent dropdown, choose **is** or **is not** in the list, and then **enter a list of comma-separated values**. * **Where** 1. Enter a valid **SQL WHERE clause** in the subsequent field. When you place your cursor in this field, a tooltip details valid input and the column names of your data source. See [Custom WHERE Clause Functions](https://documentation.immuta.com/2024.3/secure-your-data/authoring-policies-in-secure/data-policies/reference-guides/custom-where-clause-functions) for more information about specific functions. * **Never** The **never** condition blocks all access to the data source. 1. Choose the condition that will drive the policy from the next dropdown: **for everyone**, **for everyone except**, or **for everyone who**. 2. Select the condition that will further define the policy: **is a member of group**, **is acting under a purpose**, or **possesses attribute**. 3. Use the next field to choose the **group**, **purpose**, or **attribute** that you will match values against. 4. Choose **for everyone**, **everyone except**, or **for everyone who** to drive the policy. If you choose for everyone except, use the subsequent dropdown to choose the group, purpose, or attribute for your condition. If you choose for everyone who as a condition, complete the **Otherwise** clause before continuing to the next step. 5. Opt to complete the **Enter Rationale for Policy (Optional)** field, and then click **Add**. 6. For global policies: Click the dropdown menu beneath **Where should this policy be applied**, and select **On all data sources**, **On data sources**, or **When selected by data owners**. If you select **On data sources**, finish the condition in one of the following ways: * **tagged**: Select this option and then search for **tags** in the subsequent dropdown menu. * **with columns tagged**: Select this option and then search for **tags** in the subsequent dropdown menu. * **with column names spelled like**: Select this option, and then enter a **regex** and choose a **modifier** in the subsequent fields. * **in server**: Select this option and then choose a **server** from the subsequent dropdown menu to apply the policy to data sources that share this connection string. * **created between**: Select this option and then choose a **start date** and an **end date** in the subsequent dropdown menus. 7. Click **Create Policy**. If creating a global policy, you then need to click **Activate Policy** or **Stage Policy**.