Read policy
The read policy defines the default visibility model for data in the system.
It determines what happens when read rules are evaluated and no rule explicitly allows or blocks a row.
In other words, the read policy answers a simple question:
Should rows be visible by default, or hidden by default?
The policy applies system-wide and establishes the organization’s baseline security model.
Purpose of the read policy
Read rules define conditional visibility.
The read policy defines what happens when no rule applies.
Together, the read policy and read rules determine whether a row is visible or hidden for a given user and situation.
The read policy itself does not evaluate conditions.
It only defines the starting assumption used when read rules are evaluated.
Optimistic policy
Under the optimistic policy, rows are visible by default.
Rows are only hidden if a rule explicitly blocks them.
This means:
- If no read rules apply, the row is visible.
- If allow rules apply, the row is visible.
- If any deny rule applies, the row is hidden.
This model assumes that most data should normally be accessible, with rules used to hide specific cases.
Typical scenarios include systems where:
- most data is intended to be broadly accessible
- only certain records need to be restricted
- restrictions apply to small subsets of data
The optimistic policy is the default policy in Minyu.
Optimistic policy truth table
Default is visible unless denied.
| A (any allow) | D (any deny) | Result |
|---|---|---|
| 0 | 0 | Visible |
| 1 | 0 | Visible |
| 0 | 1 | Hidden |
| 1 | 1 | Hidden |
Pessimistic policy
Under the pessimistic policy, rows are hidden by default.
Rows become visible only when a rule explicitly allows them.
This means:
- If no read rules apply, the row is hidden.
- If allow rules apply, the row is visible.
- If any deny rule applies, the row is hidden.
This model assumes that data should remain private unless access is explicitly granted.
Typical scenarios include environments where:
- sensitive data is common
- strict access control is required
- regulatory or contractual restrictions apply
Pessimistic policy truth table
Default is hidden unless explicitly allowed.
| A (any allow) | D (any deny) | Result |
|---|---|---|
| 0 | 0 | Hidden |
| 1 | 0 | Visible |
| 0 | 1 | Hidden |
| 1 | 1 | Hidden |
Conflict resolution
If both allow and deny rules apply at the same time, deny always wins, regardless of the active policy.
This ensures predictable and security-safe behavior.
Related resources
Reference
How-to