> For the complete documentation index, see [llms.txt](https://docs.yansalabs.com/simple-data-separation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.yansalabs.com/simple-data-separation/technical-docs/separation-rules/parent-child-table-security.md). # Parent/Child Table Security Simple Data Separation is table-specific, affecting data visibility specifically for the table being accessed. When securing a table that is part of an extended table hierarchy, special consideration is encouraged to ensure the desired behavior is honored for all tables in the hierarchy. ### Securing Child Table Data Simple Data Separation makes it possible to define data segregation on a parent table, but to selectively enable/disable/modify the data segregation used on child tables. When defining a [Separation Rule](/simple-data-separation/technical-docs/separation-rules.md) on a table that has children (a table from which other tables are extended), the preferred options to secure child tables are: 1. **Cascade Rule on the Parent Table** 1. By checking the 'Cascade rule' checkbox on your [Separation Rule](/simple-data-separation/technical-docs/separation-rules.md), you can ensure that the same security on the parent table will be honored on all extended tables. 2. **Unique Separation Rules for Child Tables** 1. If your data separation needs are different for your child tables than your parent table, then you can create additional [Separation Rules](/simple-data-separation/technical-docs/separation-rules.md) for those child tables. In this case, you'll need to ensure that one of the below statements is true: 1. The 'Cascade rule' checkbox on the parent rule is *not* selected - this ensures that no child tables inherit the Separation Rule defined for the parent table. 2. The 'Cascade rule' checkbox on the parent table is selected, but the child table is explicitly named in the 'Cascade exceptions' list - this ensures that all child tables will inherit the Separation Rule defined for the parent table, *except* for those named as exceptions. {% hint style="info" %} Simple Data Separation will provide a warning on the Separation Rule form if there exists an inheritance conflict between rules on related parent/child tables. {% endhint %} ### Securing Parent Table Data Simple Data Separation makes it possible to secure a child table in a hierarchy without affecting the security of its parent tables. This flexibility is an advantage, but can have the unintended affect of exposing child table data when a parent table is viewed directly. {% hint style="info" %} Example: A Separation Rule is configured for the 'Incident' table. When a user navigates directly to the parent 'Task' table, this rule will not be triggered. Therefore, in a list view, the user will be able to see some details of those Incidents - by default, viewing a parent table displays data for all child tables. *Note: If the user attempts to click into the form view of an Incident, the Separation Rule will be triggered and the record will be hidden, limiting the visible data to what is shown on the list view.* {% endhint %} When defining a [Separation Rule](/simple-data-separation/technical-docs/separation-rules.md) on a table that has parents (a table that is extended from another table), the preferred options to secure the data from parent table views are: 1. **Create the Rule on the Parent Table** 1. Create the [Separation Rule](/simple-data-separation/technical-docs/separation-rules.md) on the parent table (instead of the child table). 1. If the 'Separation field' is not available directly on the parent table, utilize dot-walking to select the appropriate 'Separation field' from the child table. 2. Use the 'Cascade rule' and 'Cascade exceptions' fields to tailor how the Separation Rule will behave for all child tables extended from the parent. 2. **Create an Additional Rule on the Parent Table** 1. Create an additional [Separation Rule](/simple-data-separation/technical-docs/separation-rules.md) on the parent table to hide child table records. In many cases, eliminating specific child table data from a parent table view is the ideal solution. 1. Use the 'Hide child tables' and 'Hide child table exceptions' fields to tailor the data that is visible from a parent table view. When enabled for a child table, that child table's data will not be visible when the parent table is viewed. 1. *Note: When using 'Hide child tables' or 'Hide child table exceptions', it is not required to select a 'Separation field'. This enables you to hide child table data without otherwise segregating data at the parent table.* 2. Use the 'Cascade rule' field to ensure that the 'Hide child tables' configuration is honored down the line in a multi-table hierarchy. 2. Alternatively, create an additional [Separation Rule](/simple-data-separation/technical-docs/separation-rules.md) on the parent table to segregate data in an alternate fashion. 1. In some cases, data segregation parameters are different for tables in a hierarchy. In these cases, different rules can be utilized for each table. 2. Use the 'Cascade rule' and 'Cascade exceptions' fields to tailor how the Separation Rule will behave for all tables in the hierarchy. {% hint style="info" %} Simple Data Separation will provide a warning on the Separation Rule form if there exists an inheritance conflict between rules on related parent/child tables. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.yansalabs.com/simple-data-separation/technical-docs/separation-rules/parent-child-table-security.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.