Query Access

Queries are correct-by-construction. This is to say that if the user has access to both a decryption key and reference, they have read/query access. There mere fact of having this tuple confers read access.

In the case of unencrypted data, you may think of the decryption key as being the identity function.