Restricted views are indeed the way to go to provide granular, row-level access to the object instances. You can permission the access through user attributes, group membership or organization markings and more, resulting in security policies. In general, you don’t need to use an additional auxiliary table; the data and rules can be read off from upstream transforms, resulting in a dataset which gets permissioned away.
For documentation, you can start with [Granular access controls in Foundry Ontology](https://www.palantir.com/docs/foundry/object-permissioning/managing-object-security#granular-access-controls-in-the-foundry-ontology).
Bit of a teaser here, but long term, Foundry Ontology will provide security configuration which lets you encode the security policies directly on the object types, eliminating the need for a restricted view in between.