Skip to content

Read Policy

Read Access Policies: Optimistic vs. Pessimistic

Minyu provides two different read policies that the organization selects based on its security needs. One policy assumes that data should be visible unless restricted, while the other assumes that data should be hidden unless explicitly allowed. This choice defines the organization’s overall security posture and determines how strictly data visibility is controlled across the entire system.

Optimistic Policy (Default)

Under the optimistic policy, a row is considered visible as long as no denying rule applies.

This means:

  • If no read rules apply, the row is visible.
  • If only allow rules apply, the row is visible.
  • If any deny rule applies, the row is hidden.

This model assumes that visibility is the default state and that access is only removed when explicitly denied.

This policy is suited for environments where:

  • Most data is intended to be broadly accessible
  • Restrictions are the exception rather than the rule
  • The primary concern is selectively hiding sensitive subsets of data

Pessimistic Policy

Under the pessimistic policy, a row is considered hidden unless it is explicitly allowed.

This means:

  • If no read rules apply, the row is hidden.
  • If only allow rules apply, the row is visible.
  • If any deny rule applies, the row is hidden — even if allow rules also exist.

This model assumes that invisibility is the default state and that access must always be explicitly granted.

This policy is suited for environments where:

  • Sensitive data is the norm
  • Regulatory or contractual constraints apply
  • Any unintended exposure is unacceptable

Conflict Resolution: Deny Takes Precedence

If both allow and deny rules apply to the same row at the same time, deny always wins, regardless of the active policy. This guarantees predictable and security-safe behavior.

Configuration

The active read access policy is configured under System Settings. The system defaults to the optimistic policy.