# Expected Results - Before DDS enforcement, `alice` can run the broad high-risk customer query through the intentionally overprivileged legacy role. - Before DDS enforcement, sensitive columns such as `tax_id` and `annual_revenue` may be exposed to Alice. - After DDS enforcement, `alice` sees only LATAM customer fields authorized for the sales role. - After DDS enforcement, `bruno` sees LATAM customers and `tax_id` as `NULL`. - After DDS enforcement, `carla` sees global rows and sensitive columns. - The same broad SQL returns different results after database-enforced data grants are applied.