You can use data access rules to control access to business entity records or data within these records. When users with custom user roles try to read data, access is granted or denied based on data access rules.
Data access rules restrict access to the data of a protected asset and its protected attributes. You need to configure conditions in the data access rules. Based on the conditions set for a rule a user role is allowed or denied access to data.
The data access rules and conditions are applicable for both master and source records. If the user searches for source records directly, the search requests retrieve results based on the record-level data access rule that you configure for the corresponding custom user role. The specific values that a user can access in both the master record and its source records are based on the attribute-level data access rules and conditions that you configure for the corresponding custom user role.