Result Policies

Result Policies

Result policies control what happens to query results after execution — how long they’re kept, how they’re delivered, and who can access them.

Configuration

Result policies are managed via server.toml (config-managed since v0.1.5):

[[result_policies]]
database = "app"
environment = "production"
retention_days = 7
delivery_mode = "both"
access = ["role:admin", "role:developer"]

Changes take effect on server restart or dbward server reload.

Fields

Field	Type	Default	Description
database	String	—	Database scope (or * for all)
environment	String	—	Environment scope (or * for all)
retention_days	Integer	30	Days to keep stored results
delivery_mode	String	"both"	How results are delivered
access	String[]	[]	Selectors for who can access results

Delivery modes

Mode	Behavior
both	Stream result to client AND store on server
store_only	Store result but don’t stream (client fetches later)
stream	Stream to client but don’t persist on server

Access control

The access field uses selectors to define who can retrieve stored results:

{
  "access": [
    "role:admin",
    "group:backend-team",
    "user:alice",
    "requester"
  ]
}

"requester" means the user who submitted the original request.

Global retention defaults

Separate from per-policy retention, the server has global defaults in [retention]:

[retention]
request_ttl_days = 90    # How long request records are kept
audit_ttl_days = 365     # How long audit log entries are kept
result_ttl_days = 30     # Default result retention (overridden by policy)
approval_ttl_secs = 86400  # Seconds before approved requests expire

Result sharing

Users can share results with others using --share-with at execution time:

dbward execute --share-with "group:backend-team" "SELECT * FROM metrics"

This creates access grants in addition to the policy’s default access list.

See also

• Policies Overview
• Executing Queries — result format and sharing options
• Configuration Reference — global retention settings