Every now and then I find myself debating with a friend or colleague on whether we should use ACL or Business rules query.

Personally, I think the use of business rule query should be minimised. if you think about it, ACL called ACL for a reason! your security admin is the only one who can change ACL where anyone in your organisation with personalize_rules role can play with a query business rule that can be integral to your team.

again, I am not saying never use query business rules , I am just saying it should be minimised.

Here is when you shouldn’t use query business rules

• Your query BR is going to run on large table.
• Your query BR might contain a lot of OR clauses or LIKE operator.
• You are not concern about your instance performance.