Row-level security rules questions

How effective is to use row-level security rules, when there is e.g. LookupValue() xslt function within XSL rule used? Isn’t it a better idea to create a function or lookup field and use that field in the rule so that the evaluation of lookup is not done for each row independently?

It depends on how much data you load. The row-level-security is only evaluated when actually displaying the rows to the user e.g. in a table-view. Only records visible on screen are getting evaluated. So you can get let’s say 100 evaluations when you display a table.

On the other hand the lookup fields are loaded together with the main data load (they are rendered as SQL subqueries in the main SQL select). So if you would load 10.000 records you would have to load a bit more data than maybe actually needed, while the row-level-security would only evaluate few records.