Along with restricting access to an entire table, RLP also lets you filter a table down to specific rows — for example, only projects in a specific region, or only data for a specific company.
RLP is organized around groups. A group defines a set of table access rules. Users assigned to a group inherit those rules.
After configuring a new group, use Test as User in Kris AI Context Settings to confirm the filters are returning the expected results before launching RLP org wide!
Table Access
Each group can have access to one or more Kroo tables. For each table, you define a filter type:
No Filter (Full Access)
Conditions
Raw SQL
The user can see all rows in this table. Use this when the table doesn’t contain sensitive data or when the user should have unrestricted access to it.
Build a row filter using the point-and-click condition builder. Multiple conditions can be combined.| Field | Description |
|---|
| Column | Select the column to filter on (e.g., project_id, company, region) |
| Operator | Choose a comparison: equals, not equals, contains, greater than, less than, etc. |
| Value | Enter the value to match (e.g., 123, West, Active) |
- ALL conditions must match (AND) — every condition must be true for a row to be visible
- ANY condition must match (OR) — at least one condition must be true
Example: to restrict a user to only see Project ID 123 in the kroo_procore.projects table, set Column = project_id, Operator = equals, Value = 123.Click + Add Condition to add more conditions. Click Remove to delete a condition. Click Save Filter when done. Write a custom SQL WHERE clause for advanced filtering. This is useful when conditions are complex or need to reference other columns dynamically. The clause is applied as a WHERE filter against the table before Kris queries it.region = 'West' AND status != 'Closed'
Use the Explore Table Data link to preview the table’s columns and sample rows before building your filter.
Members
Each group has a members list. Add users to the group to apply the group’s table access rules to them.
A user can belong to multiple groups — their effective access is the union of all groups they belong to.
Creating a Group
Navigate to Row-Level Permissions
Create a new group
Click New Group and give it a descriptive name (e.g., “West Region PMs” or “Subcontractor – Acme”).
Add members
Add users to the group. See the Members section above for details. Configure table access
Add one or more Kroo tables and define the filter rules for each. See Table Access above. Support
For help setting up Row-Level Permissions, contact implementations@getkroo.com. 