/
Custom Row Level Security with Logical Operators

Custom Row Level Security with Logical Operators

Kyvos supports the use of logical OR conditions in Row-Level Security (RLS) rules within a semantic model and the associated BI consumption layer. This allows flexible data access control when multiple RLS rules are assigned to a user.

In many analytical environments, a single business user may require access to data across multiple business units, product lines, or other dimensional attributes. When such access is configured using multiple RLS rules, supporting logical OR conditions ensures that the user can view all permitted data combinations instead of being restricted by overly strict AND-based filtering, which could otherwise result in limited or no data visibility.

OR Semantics Across Rules

When multiple RLS rules are assigned to a user, they are combined using a logical OR condition. This means that the user can access data that matches any of the defined rules.

AND Semantics Across Rules
When multiple RLS rules are assigned to a user, they are combined using a logical AND condition. In this case, the user can only access data that satisfies all the defined rules simultaneously.

How It Works

Mode

Behavior

Data Returned

Mode

Behavior

Data Returned

AND (default)

User must satisfy ALL assigned rules simultaneously

Only the intersection of all rules — stricter, returns less data

OR (new)

User must satisfy ANY one of the assigned rules

Union of all rules — broader, returns more data

Example:

  • Rule 1: Country = Australia

  • Rule 2: Report Type = Balance Sheet

Config

Data Visible to User

Config

Data Visible to User

AND

Only rows where Country = Australia AND Report Type = Balance Sheet

OR

All rows where Country = Australia OR Report Type = Balance Sheet

To define logical OR conditions in Row-Level Security (RLS), perform the following steps.

  1. From the Toolbox, click Semantic Models.

  2. Click the Actions menu (...) in the work area and then click Data Security.

  3. Select the required operator (and/or) for the Rules Logical Operation.

    1. And: Use this operator to show only data that matches all selected rules.

    2. Or: Use this operator to show data that matches any of the selected rules.

      image-20260410-101427.png

       

  4. Click the Define Rule and Mapping link to specify data security for user and groups.

  5. In the Groups/ Users section, select users or groups that should have access to this semantic model.

  6. Click the plus sign in the Rules column to add a rule.

  7. Click Save.

    image-20260410-100637.png

     

  8. Create the worksheet and query the dimension on which you have applied the RLS rule.
    Data with ‘OR’ condition

    image-20260410-100900.png


    Data with ‘And’ condition

    image-20260410-101038.png

 

Copyright Kyvos, Inc. 2026. All rights reserved.