Policy
Govern exactly what each identity sees.
Open your data up to people and agents without overexposing a single row. A grant binds an identity to what it can read, down to the row, the column, and the value, and Nightshift enforces it on every read, so the same table looks different to each caller.
| Identity | orders | customers | events | arr_by_region |
|---|---|---|---|---|
| Ada Okafor (Owner) | rw | rw | rw | rw |
| Lena Park (Admin) | rw | rw | rw | rw |
| Marc Diaz (Member) | r | masked | — | r |
| analytics-agent (Token) | r | — | — | r |
Row, column, value
Allow, deny, and mask, exactly where you need to.
Hide the salary column, drop the rows that start with A, mask everything but the last four digits. A grant is arbitrarily specific: one person can be blocked from rows 54, 23, and 15 of a single SAP table while everyone else reads them, and the same query comes back a different shape for each.
- Filter rows by any predicate over the data
- Hide or mask columns and individual values
- The same query returns a different shape per identity
Monitor, then enforce
Watch a rule before you turn it on.
Start a grant in monitor and Nightshift replays it against real traffic, so you see exactly what it would allow, mask, or block before anyone is affected. Promote it to enforce when you are sure, and roll it back just as fast if you are not.
- Monitor, Alert, and Enforce as a single control
- See the impact against live reads before you commit
- Promote or roll back without a deploy
- Principal: Support · group · 2 identities
- Resource: *
- Condition: any request
- Effect: Mask email, phone, account
Enforcement
Why it holds
Why opening your data up stays safe.
Scoped to identity
A grant attaches to people, tokens, and agents. The same catalog returns different data depending on who is asking.
Enforced on every read
Every request is shaped before it leaves, so there is no unfiltered path to the data for a person or an agent to find.
Auditable by default
Every read and every grant change lands in one record, with before and after on each edit.
The rest of the product
Nightshift Console
Connect sources, query in notebooks or over MCP, and govern every read from one place.
Nightshift Fiber
The typed React API for building governed data apps on your catalog.
Connectors
Register any source and expose it as a governed catalog.
Query
Query your governed catalog from a notebook, over MCP, or in an app.
Open your data up. Keep control.
Start free, write your first grant, and see exactly what each identity gets back. Mask a column, deny a table, and watch the impact before you enforce.
Want to look first? Take the product tour
