Access control analytic data

Usage Analytics measures how often access control rules allow or deny users to see database query results.

The system evaluates access control rules that use script-based permissions after fetching records from the database. If a user passes the script-based permissions, the system allows the user to see the records. If a user fails the script-based permissions, the system denies the user access by discarding any records from the results that match the access control rule.

To help determine how often the system is performing such unneeded database queries, Usage Analytics collects information about each row-level access control transaction:
  • The table name.
  • The results of the permission check as the value allowed or denied.
  • The number of times row record access was allowed or denied.

Administrators can enable or disable the system collecting this data by setting a Usage Analytics property.