Standard RLS allows restricting data access at the row level using a permission object that maps users (or user groups) to allowed values in the target object.
Standard RLS is configuration-driven and does not require writing SQL.
Before enabling Standard RLS, ensure:
Required reference fields are created
User identity mapping is available (e.g., user_id)
Step-by-Step: Enabling Standard RLS
Create the object that represents the accessing entity.
You can create source object of any object type.
Example:
Fields:
Create an object that links the source and target objects.
This object will be strictly of type Permission Object.
This object will contain a lookup field referring to source object.
Example:
Fields:
Create the object on which data access must be restricted.
In this object create one lookup field referring to the source object.
Example:
Fields:
department -> Lookup field referring to department object.
Enable RLS on the target object and select:
Permission Object: Department_Permissions
Source Object: Department
Step 5: Save and Activate
Click on Add in the Add Row Security panel, RLS filtering will be activated on the object.
RLS enabled Tag will be visible on the right of the object name.
Once activated:
All queries on the target object automatically apply row-level filters.
No SQL changes are required in queries.
Step 6: Commit and Deploy
After making all the required changes, commit all your changes and deploy the application.
Example Use Case
User should see only their business unit data.
Source Object: Department
Permission Object: Department_Permissions
Result:
User A belongs to department 1, then he will see only department 1 users.
User B belongs to department 2, then he will see only department 2 users.
