Read Rules
Purpose
Read rules determine which rows a user is allowed to see in the system and one row can have many rules. Read rules are the primary mechanism for enforcing confidentiality and data segmentation.
How Read Rules Work
A read rule is attached to a classification and is evaluated as follows:
| Classification Result | When True | Rule Applies |
|---|---|---|
| true | checked | yes |
| false | unchecked | yes |
When evaluated, the rule either:
- allows
- or denies access to the row
Deny always takes precedence.
Role Targeting
Read rules may:
- Apply to specific roles
- Exclude specific roles using Exclude Roles
- Apply globally if no roles are selected
Configuring a Read Rule
- Open the classification
- Open context menu → Configure Read Rule
-
Configure:
-
Active – enables the rule
- Message – optional explanation shown when data is hidden
- When True – rule trigger condition
- Roles / Exclude Roles – role scope
- Save