# Author a Reveal Policy

{% hint style="info" %}
Reveal policies are only supported for global masking policies.
{% endhint %}

1. Click the <i class="fa-shield">:shield:</i> **Policies** icon in the navigation menu and select **Data Policies**. Click **New data policy** and complete the **Policy name** field.
2. Select **Reveal** as the policy type.
3. Select one of the following options:
   * **columns tagged:** Select this option and then add tags from the subsequent dropdown.
   * **columns with any tag**
   * **columns with no tags**
   * **all columns**
   * **columns with names spelled like:** Select this option and then enter a **regex** and choose a **modifier** in the subsequent fields.
4. Complete the **for everyone who** condition to specify who the data should be revealed to. For details about the behavior of these options, see the [Masking policies reference guide](https://documentation.immuta.com/saas/govern/secure-your-data/authoring-policies-in-secure/reference-guides/masking-matrix-functions#masking-exceptions).

   * **is a member of group:** Select this inclusion and then one of the following options to complete the condition:
     * **name**: Select **name** and then enter the group name. If a user is a member of this group, they will see the masked data in the clear.
     * **name that matches any column tag**: If a user is a member of a group whose name matches any tag on the column, they will see the masked data in the tagged column in the clear.
     * **name that matches any data source tag**: If a user is a member of a group whose name matches any tag on the data source, they will see the masked data in the tagged data source in the clear.
   * **possesses attribute**: Select this inclusion and then enter the **attribute key**. Select one of the following options to complete the condition:
     * **value**: Enter the attribute value. If a user possesses this attribute key-value pair, they will see the masked data in the clear.
     * **value that matches any column tag**: If a user possesses an attribute with a key and value that matches any tag on the column, they will see the masked data in the tagged column in the clear.
     * **value that matches any data source tag**: If a user possesses an attribute with a key and value that matches any tag on the data source, they will see the masked data in the tagged data source in the clear.
   * **is acting under purpose**: Select this option and then search for and select the purpose name in the next field. If a user is acting under this purpose, they will see the masked data in the tagged column in the clear.

   You can add more than one condition by clicking **+ New Condition**. The dropdown menu in the policy builder will then contain conjunctions for your conditions. If you select **or**, only one of your conditions must apply to a user for them to see the data. If you select **and**, all of the conditions must apply.
5. Opt to complete the **Enter Rationale for Policy** field, and then click **Add**.
6. Click the dropdown menu beneath **Where should this policy be applied** and select **When selected by data owners**, **On all data sources**, or **On data sources**. If you selected **On data sources**, finish the condition in one of the following ways:
   * **tagged**: Select this option and then search for **tags** in the subsequent dropdown menu.
   * **with columns tagged**: Select this option and then search for **tags** in the subsequent dropdown menu.
   * **with column names spelled like**: Select this option, and then enter a **regex** and choose a **modifier** in the subsequent fields.
   * **in server**: Select this option and then choose a **server** from the subsequent dropdown menu to apply the policy to data sources that share this connection string.
   * **created between**: Select this option and then choose a **start date** and an **end date** in the subsequent fields.

     You can add more than one circumstance by clicking **+ New circumstance**. The dropdown menu in the policy builder will then contain conjunctions for your circumstances. If you select **or**, only one of your circumstances must be true for the policy to apply to a data source. If you select **and**, all of the circumstances must be true for the policy to apply.
7. To limit this policy to data sources within specific domains, enter the domains the policy should be restricted to in the **Select Domains** field.
8. Click **Activate Policy** or **Stage Policy**.