Any row-level security rule for a domain implies joins. Table fields in the security file will force a table join for security rule checking in the ad hoc view even though no column from that table was selected. This could cause unnecessary table retrievals causing Ad Hoc view performance degradation.
To avoid this situation, the user can add the forceJoin="false" setting to the security file. Here is example of security rule using this setting:
<resourceAccessGrantList id="products_access_grant" label="aLabel" resourceId="JoinTree_1">
<resourceAccessGrants>
<resourceAccessGrant id="product_filter_ROLE_DEP100_EMPLOYEE_row_grant" forceJoin="false">
<principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_DEP100_EMPLOYEE] }</principalExpression>
<filterExpression>public_product.departament == 100</filterExpression>
</resourceAccessGrant>
<resourceAccessGrants>
</resourceAccessGrantList>
TTC-20141126
Recommended Comments
There are no comments to display.