Read rules
Read rules determine which rows a user can see in the system.
They are evaluated whenever data is accessed and decide whether each row should be visible or hidden for the current user.
A single row may be affected by multiple read rules.
Purpose
Read rules control visibility at the row level.
They do not change data and do not affect whether a row can be created or edited.
Their only responsibility is deciding whether a row is visible to a user.
How read rules work
Each read rule references a classification.
The classification is evaluated first and produces either true or false.
The read rule then decides whether it applies based on the classification result and the rule’s When True setting.
The table below shows when a rule applies:
| Classification result | When True | Rule applies |
|---|---|---|
| true | checked | yes |
| true | unchecked | no |
| false | checked | no |
| false | unchecked | yes |
If the rule applies, it produces a visibility decision.
Rule outcome
When a read rule applies, it either:
- allows the row to be visible, or
- denies access to the row
If multiple read rules apply to the same row, deny always takes precedence.
If a row is denied by any applicable rule, the row is hidden from the user.
Role targeting
Read rules may apply only to specific roles.
A rule may:
- apply only to selected roles
- exclude selected roles
- apply to all users if no roles are specified
Role targeting determines whether the rule is evaluated, not how the rule itself behaves.
Related resources
Reference
How-to
Related concepts