Submodule 1: Overview of Database Security
In this project, students will investigate a database security issue: indirect access to confidential data, and the inference control needed to prevent it.
Note: Inference control aims at protecting data from indirect disclosure. This occurs when a set X of data items that a user is permitted to read can be used to obtain a set Y of confidential data.
Imagine that you are the database administrator for a military transportation system. You have a table named cargo in your database that contains information on the various cargo holds available on each outbound airplane. Each row in the table represents a single shipment and lists the contents of that shipment and the flight identification number. The flight identification number may be cross-referenced with other tables to determine the origin, destination, flight time and similar data. The cargo table appears as follows:
| Flight ID | Cargo Hold | Contents    | Classification |
| 1254      | A          | Boots       | Unclassified   |
| 1254      | B          | Guns        | Unclassified   |
| 1254      | C          | Atomic Bomb | Top Secret     |
| 1254      | D          | Butter      | Unclassified   |
Suppose that General Jones (who has a Top Secret security clearance) comes along and requests information on the cargo carried by flight 1254. The general would (correctly) see all four shipments. On the other hand, if Private Smith (who has no security clearance) requests the data, the private would see the following table:
| Flight ID | Cargo Hold | Contents | Classification |
| 1254      | A          | Boots    | Unclassified   |
| 1254      | B          | Guns     | Unclassified   |
| 1254      | D          | Butter   | Unclassified   |
This correctly implements the security rules that prohibit someone from seeing data classified above their security level. However, assume that there is a unique constraint on flight ID and cargo hold (to prevent scheduling two shipments for the same hold). When Private Jones sees that nothing is scheduled for hold C on flight 1254, he might attempt to insert a new record to transport some vegetables on that flight. However, when he attempts to insert the record, his insert will fail due to the unique constraint. At this point, Private Jones has all the data he needs to infer that there is a secret shipment on flight 1254. He could then cross-reference the flight information table to find out the source and destination of the secret shipment and various other information.
What can you do about this security problem in the military transportation database?
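The inference channel described above, reproduced as an added example (not part of the course material): the cargo table from the text is built in an in-memory SQLite database, rows are filtered by the reader's clearance, and the failed insert on hold C reveals the hidden row. The same code then shows one standard mitigation, polyinstantiation, which the text does not name: adding the classification to the unique key so a lower-level row for hold C can coexist with the secret one. Table and column names are assumptions.

```python
import sqlite3

CLEARANCE = {"Unclassified": 0, "Top Secret": 1}

# Constructed sample data, copied from the cargo table in the text.
CARGO_ROWS = [
    (1254, "A", "Boots", "Unclassified"),
    (1254, "B", "Guns", "Unclassified"),
    (1254, "C", "Atomic Bomb", "Top Secret"),
    (1254, "D", "Butter", "Unclassified"),
]

def build_db(polyinstantiated: bool) -> sqlite3.Connection:
    """Create the cargo table. With polyinstantiated=False the unique key is
    (flight_id, cargo_hold) as in the text; with True the classification is
    part of the key, so a row per security level may exist for one hold."""
    key = "(flight_id, cargo_hold, classification)" if polyinstantiated \
        else "(flight_id, cargo_hold)"
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE cargo (flight_id INTEGER, cargo_hold TEXT, "
                f"contents TEXT, classification TEXT, UNIQUE {key})")
    con.executemany("INSERT INTO cargo VALUES (?, ?, ?, ?)", CARGO_ROWS)
    return con

def visible_holds(con: sqlite3.Connection, clearance: str) -> list:
    """Holds on flight 1254 the reader may see: rows classified at or
    below the reader's clearance (the filtered view from the text)."""
    level = CLEARANCE[clearance]
    rows = con.execute("SELECT cargo_hold, classification FROM cargo "
                       "WHERE flight_id = 1254")
    return sorted(hold for hold, cls in rows if CLEARANCE[cls] <= level)

def try_insert(con: sqlite3.Connection, clearance: str, hold: str,
               contents: str) -> bool:
    """Insert a shipment at the user's own classification; True on success."""
    try:
        con.execute("INSERT INTO cargo VALUES (?, ?, ?, ?)",
                    (1254, hold, contents, clearance))
        return True
    except sqlite3.IntegrityError:   # unique-constraint violation
        return False

def inference_channel(polyinstantiated: bool) -> bool:
    """True when an Unclassified user, who cannot see hold C, can still
    detect that hold C is occupied because the insert is rejected."""
    con = build_db(polyinstantiated)
    assert "C" not in visible_holds(con, "Unclassified")
    return not try_insert(con, "Unclassified", "C", "Vegetables")

if __name__ == "__main__":
    print("leak without polyinstantiation:", inference_channel(False))
    print("leak with polyinstantiation:   ", inference_channel(True))
```

With polyinstantiation the Top Secret reader sees two rows for hold C and must resolve them by classification, which is the cost of closing the channel.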