# Row Access Policies

Row Access Policies in TrustLogix enable organizations to enforce fine-grained access control by restricting data access at the row level based on user attributes, roles, or predefined conditions. This document details how to create a row access policy and includes all available options in dropdown menus.

The **Condition Builder** simplifies policy creation for non-technical users, while the **SQL Builder** offers advanced customization for precise control over data masking rules.

### Steps to Create a Row Access Policy

#### Navigate to the Row Access Policy Configuration

* Log in to **TrustLogix**.
* Click on **Data Sources**.
* Select the relevant **Data Source** (e.g., Healthcare Services).
* Click on **Access Policies**.
* Click **Create Policy**.

#### Define Row Access Policy Details

* Enter the **Policy Name** (e.g., `Grant_Patient_info_By_Assigned_State`).
* Provide a **Policy Description** (e.g., `Grant all patient data to user based on assigned state`).
* Click **Next**.

#### Select Data Scope

* Choose **Named As** or **Classified As**.
* Click **Tags** and enter classification keywords (e.g., `SENSITIVE`, `CONFIDENTIAL`).
* Select the **Schema/Table** to apply the policy (e.g., `HEALTH_CARE.PATIENT_SCHEMA.PATIENT`).
* Click **Close** after selecting the objects.

#### Define Access Conditions

* Click **Use SQL Editor** or **Use Condition Builder**.
* Click **Add Condition**.
* The Attribute dropdown lists all available principal type options along with entitlement attributes.
* Choose one of the options based on the condition you want to build.
* Select the appropriate operator (`Equals`, `Not Equals`, `Contains`, `Starts With`).
* Based on the attribute chosen, the Match with dropdown appears with the available options.
* Choose an option from the Match with dropdown. The Value field then offers additional options based on the selected Match with option.
* Select or enter the value.
* Click **Add Condition** or **Add Nested Condition** to add multiple criteria.
* Click **Save**.
* A modal window pops up to show policy generation progress. If there are no errors, the policy is created and ready to be deployed.
* If required, **review and update** conditions before deployment.
* If there are any validation errors due to a duplicate policy or a column condition mismatch, correct them so that the policy is created and ready to be deployed.
* Click the **Deploy** button in the modal to deploy the policy.
* Click **Use Condition Builder** or **Use SQL Editor**.

#### Save and Deploy the Policy

* Click **Save** to store the policy.
* Click **Deploy** to enforce the policy across the selected data sources.

**Condition Builder Options:**

* **User-friendly interface** for defining access conditions without requiring SQL knowledge.
* **Attribute Selection:**
  * `Role Name`
  * `User Group`
  * `Department`
  * `Geographical Region`
  * `Country`

> The Attributes dropdown lists all the attributes created under the attribute management screen for this data source.

* **Operators:**
  * `Equals`
  * `Not Equals`
  * `Contains`
  * `Starts With`
  * `Ends With`
  * `In List`
  * `Not In List`
* **Logical Operators:**
  * `AND`
  * `OR`
  * `Nested Conditions`
* **Value Assignment:**
  * Static values (e.g., `USA`, `EU`, `APAC`).
  * Dynamic values based on user attributes.

**Advantages**:

* **User-friendly interface** for defining access conditions without requiring SQL knowledge.
* Allows **nested conditions** for complex policies.
* Provides **drag-and-drop options** to select attributes, operators, and values.
* Best suited for **non-technical users** who prefer a guided configuration.
* Supports logical operators like **AND**, **OR**, and grouping conditions.

**SQL Editor Options:**

* **Advanced tool** for writing custom conditions in SQL syntax.
* **Allows for:**
  * Fine-grained control over policy conditions.
  * Using `JOINs`, `subqueries`, and `complex expressions`.
  * Applying row-level security based on dynamic queries.
* **Example Query:**

```sql
-- Return only the patient rows whose STATE is assigned to the current user.
SELECT * FROM HEALTH_CARE.PATIENT_SCHEMA.PATIENT
WHERE STATE IN (SELECT STATE FROM USER_ATTRIBUTES WHERE USER_ID = CURRENT_USER());
```
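
To check how the example query's predicate behaves before deploying it, the following added example (not TrustLogix code or its generated output) runs the same `STATE IN (...)` condition in an in-memory SQLite database. The sample rows and user names are constructed, and `CURRENT_USER()` is replaced by a bound parameter because SQLite has no such function.

```python
import sqlite3

# Constructed sample data; table and column names follow the page's example query.
PATIENTS = [(1, "Ana", "CA"), (2, "Ben", "TX"), (3, "Cy", "CA"), (4, "Dee", None)]
USER_ATTRIBUTES = [("alice", "CA"), ("bob", "TX"), ("bob", "CA"), ("dave", None)]

# Same predicate as the example query; SQLite has no CURRENT_USER(), so the
# session user is passed as a bound parameter (an assumption of this harness).
POLICY_PREDICATE = (
    "STATE IN (SELECT STATE FROM USER_ATTRIBUTES WHERE USER_ID = :current_user)"
)


def build_db():
    """Create an in-memory database holding the constructed tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE PATIENT (ID INTEGER PRIMARY KEY, NAME TEXT, STATE TEXT)")
    db.execute("CREATE TABLE USER_ATTRIBUTES (USER_ID TEXT, STATE TEXT)")
    db.executemany("INSERT INTO PATIENT VALUES (?, ?, ?)", PATIENTS)
    db.executemany("INSERT INTO USER_ATTRIBUTES VALUES (?, ?)", USER_ATTRIBUTES)
    return db


def visible_patient_ids(db, current_user):
    """Return the IDs of the PATIENT rows the predicate lets this user read."""
    sql = f"SELECT ID FROM PATIENT WHERE {POLICY_PREDICATE} ORDER BY ID"
    return [row[0] for row in db.execute(sql, {"current_user": current_user})]


def audit(db, users):
    """Map each user to the rows they can see, for review before deployment."""
    return {user: visible_patient_ids(db, user) for user in users}


if __name__ == "__main__":
    db = build_db()
    # alice has one state, bob has two, carol has no attribute row,
    # dave has an attribute row whose STATE is NULL.
    for user, ids in audit(db, ["alice", "bob", "carol", "dave"]).items():
        print(f"{user:6} -> {ids}")
```

A user with no `USER_ATTRIBUTES` row, or with a NULL state, sees no rows, so the predicate fails closed. The patient row whose `STATE` is NULL is visible to nobody, which is worth confirming against the intended policy before deployment.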

**Advantages**:

* **Advanced tool** for writing custom conditions in SQL syntax.
* Allows **fine-grained control** over policy conditions.
* Supports **JOINs, subqueries, and complex expressions**.
* Best suited for **technical users** familiar with SQL.
* Provides **query validation** to ensure correctness before applying conditions.
