In this scenario, I would implement column level restrictions by using Denodo Platform’s built-in feature "[Assign Column privileges](https://community.denodo.com/docs/html/browse/8.0/en//vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#column-privileges)" from the graphical interface.
Alternatively, I would develop custom policy to achieve column level restriction using **context attribute** to capture the information about the context of the query.
For instance, I would use the method **getFieldsInQuery() **to get the fields involved in the query.
Then I would apply restriction on those columns and then reject the query with return clause **CustomRestrictionPolicyFilterType.REJECT**.
For more information, you can refer to [Developing a Custom Policy](https://community.denodo.com/docs/html/browse/8.0/en//vdp/developer/custom_policies/developing_a_custom_policy#developing-a-custom-policy) section under Virtual DataPort Guide more information.
Hope this helps!