You are responsible for creating a secure data environment where only specific analysts can access sensitive columns, like Personally Identifiable Information (PII). What approach effectively limits access to sensitive data while still permitting widespread use of non-sensitive data?